Windows Analysis Report
https://ibx2.net/ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9MklAkkPEwzEo7spzXfMcJFVC59isGqIvvfXjMhXcZo1yblkWDdSzx090ywAnSfNIIGHfUevf23qdBd8lJezQN6iHG6sLDo2krWRj

Overview

General Information

Sample URL:https://ibx2.net/ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9
Analysis ID:1447156

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port

Classification

  • System is w10x64
  • chrome.exe (PID: 3004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 4148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=2724,i,12712622127196477524,10411998634779368472,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 4996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ibx2.net/ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9MklAkkPEwzEo7spzXfMcJFVC59isGqIvvfXjMhXcZo1yblkWDdSzx090ywAnSfNIIGHfUevf23qdBd8lJezQN6iHG6sLDo2krWRjMWWddT9xAhnGYxWGRh5JLuee_07CPnUUiawLw30nUA," MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures; the full list of signature results follows.

Source: https://ibx2.net/ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9MklAkkPEwzEo7spzXfMcJFVC59isGqIvvfXjMhXcZo1yblkWDdSzx090ywAnSfNIIGHfUevf23qdBd8lJezQN6iHG6sLDo2krWRjMWWddT9xAhnGYxWGRh5JLuee_07CPnUUiawLw30nUA, | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:64956 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.6:64953 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.6:57034 -> 162.159.36.2:53
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64 (7 hits)
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 (18 hits)
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2 (5 hits)
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 (5 hits)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (6 hits)
Source: global traffic | HTTP traffic detected:
    GET /ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9MklAkkPEwzEo7spzXfMcJFVC59isGqIvvfXjMhXcZo1yblkWDdSzx090ywAnSfNIIGHfUevf23qdBd8lJezQN6iHG6sLDo2krWRjMWWddT9xAhnGYxWGRh5JLuee_07CPnUUiawLw30nUA, HTTP/1.1
    Host: ibx2.net
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: ibx2.net
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://ibx2.net/ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9MklAkkPEwzEo7spzXfMcJFVC59isGqIvvfXjMhXcZo1yblkWDdSzx090ywAnSfNIIGHfUevf23qdBd8lJezQN6iHG6sLDo2krWRjMWWddT9xAhnGYxWGRh5JLuee_07CPnUUiawLw30nUA,
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: ibx2.net
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: ibx2.net
Source: manifest.json.0.dr | String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64956
Source: unknown | Network traffic detected: HTTP traffic on port 64954 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 64956 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 64954
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3004_1166289982
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3004_1166289982\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3004_1166289982\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3004_1166289982\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3004_1166289982\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\chrome_BITS_3004_1053717237
Source: classification engine | Classification label: clean1.win@17/6@6/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=2724,i,12712622127196477524,10411998634779368472,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ibx2.net/ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9MklAkkPEwzEo7spzXfMcJFVC59isGqIvvfXjMhXcZo1yblkWDdSzx090ywAnSfNIIGHfUevf23qdBd8lJezQN6iHG6sLDo2krWRjMWWddT9xAhnGYxWGRh5JLuee_07CPnUUiawLw30nUA,"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (13 occurrences)
Source: Window Recorder | Window detected: More than 3 window changes detected
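Two of the network signatures above, "Detected non-DNS traffic on DNS port" and "TCP traffic detected without corresponding DNS query", are flow-level heuristics, and both fire here on benign behaviour: the TCP connections to 1.1.1.1:53 and 162.159.36.2:53 are DNS over TCP towards Cloudflare's public resolver (1.1.1.1; 162.159.36.2 is also Cloudflare address space), and 173.222.162.64, 184.28.90.27 and 40.113.110.67 are CDN and Microsoft endpoints Chrome reached without a DNS answer appearing in the recorded traffic. The Python below is a worked example added to this page, not Joe Sandbox code: it re-implements both heuristics over a constructed flow log that mirrors the report, and goes one step beyond the report by splitting port-53 hits against a resolver allow-list and by not re-flagging resolver endpoints under the "no DNS query" rule. The allow-list, the extra 203.0.113.10 (TEST-NET-3) flow and all records are constructed.

```python
"""Re-implementation of two Joe Sandbox network heuristics over a constructed flow
log.  Added example for this page; not Joe Sandbox code, and the records are
hand-written to mirror the report rather than taken from a capture."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class DnsAnswer:
    name: str
    address: str


SANDBOX_HOST = "192.168.2.6"

# Constructed: the two lookups the report shows and the addresses they resolved to.
DNS_ANSWERS = [
    DnsAnswer("ibx2.net", "34.111.8.32"),
    DnsAnswer("www.google.com", "216.58.206.36"),
]

# Constructed: flows mirroring the report, plus one TCP/53 flow to a TEST-NET-3
# address (203.0.113.10) that is not a known resolver, to exercise that branch.
FLOWS = [
    Flow("tcp", SANDBOX_HOST, 49717, "34.111.8.32", 443),
    Flow("tcp", SANDBOX_HOST, 49716, "216.58.206.36", 443),
    Flow("tcp", SANDBOX_HOST, 49674, "173.222.162.64", 443),
    Flow("tcp", SANDBOX_HOST, 49710, "40.113.110.67", 443),
    Flow("tcp", SANDBOX_HOST, 64953, "1.1.1.1", 53),
    Flow("tcp", SANDBOX_HOST, 57034, "162.159.36.2", 53),
    Flow("udp", SANDBOX_HOST, 61000, "1.1.1.1", 53),
    Flow("tcp", SANDBOX_HOST, 50000, "203.0.113.10", 53),
]

# Assumption: an analyst-maintained allow-list of public resolvers.  1.1.1.1 is
# Cloudflare's public resolver; 162.159.36.2 is in Cloudflare address space.
KNOWN_RESOLVERS = {"1.1.1.1", "1.0.0.1", "162.159.36.2"}


def tcp_on_dns_port(flows):
    """'Detected non-DNS traffic on DNS port': TCP flows whose destination port is 53.
    DNS over TCP (RFC 7766) is legitimate, so this alone is not evidence of tunnelling."""
    return sorted({f.dst for f in flows if f.proto == "tcp" and f.dport == 53})


def contacted_without_dns(flows, answers, local_net="192.168.2.0/24"):
    """'TCP traffic detected without corresponding DNS query': destinations outside the
    local network that no recorded DNS answer resolved to.  Unlike the report, resolver
    endpoints (port 53) are skipped here, since they are reached by address by design."""
    resolved = {a.address for a in answers}
    net = ipaddress.ip_network(local_net)
    hits = set()
    for f in flows:
        if f.proto != "tcp" or f.dport == 53:
            continue
        if ipaddress.ip_address(f.dst) in net or f.dst in resolved:
            continue
        hits.add(f.dst)
    return sorted(hits)


def triage(flows, answers):
    """Run both heuristics and split the port-53 hits by the resolver allow-list."""
    port53 = tcp_on_dns_port(flows)
    return {
        "dns_over_tcp_to_known_resolver": [d for d in port53 if d in KNOWN_RESOLVERS],
        "tcp_53_to_unknown_host": [d for d in port53 if d not in KNOWN_RESOLVERS],
        "no_dns_for_destination": contacted_without_dns(flows, answers),
    }


if __name__ == "__main__":
    for rule, hosts in triage(FLOWS, DNS_ANSWERS).items():
        print(f"{rule}: {hosts}")
```

Run against the constructed records, the two Cloudflare addresses land in the known-resolver bucket, only the constructed 203.0.113.10 flow remains as TCP/53 to an unknown host, and the "no DNS" rule keeps 173.222.162.64 and 40.113.110.67. In a real investigation the second list is where to spend time, and the first step is to check whether the missing answers were simply outside the capture window or filtered out, as the whitelisted domains in the general information below were.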
MITRE ATT&CK Matrix (techniques with at least one matching signature; the remaining cells of the matrix are the empty template)

  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1), Masquerading (1), File Deletion (1)
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (2), Application Layer Protocol (3), Ingress Tool Transfer (1)
Source | Detection | Scanner | Label
https://ibx2.net/ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9MklAkkPEwzEo7spzXfMcJFVC59isGqIvvfXjMhXcZo1yblkWDdSzx090ywAnSfNIIGHfUevf23qdBd8lJezQN6iHG6sLDo2krWRjMWWddT9xAhnGYxWGRh5JLuee_07CPnUUiawLw30nUA, | 0% | Avira URL Cloud | safe
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
https://ibx2.net/favicon.ico | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | none | unknown
ibx2.net | 34.111.8.32 | true | false | none | unknown
www.google.com | 216.58.206.36 | true | false | none | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | none | unknown

Name | Malicious | Antivirus Detection | Reputation
https://ibx2.net/favicon.ico | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
216.58.206.36 | www.google.com | United States | 15169 | GOOGLEUS | false
34.111.8.32 | ibx2.net | United States | 15169 | GOOGLEUS | false

Private IPs
192.168.2.7
192.168.2.6
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1447156
          Start date and time:2024-05-24 14:45:31 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 3m 41s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:browseurl.jbs
          Sample URL:https://ibx2.net/ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9MklAkkPEwzEo7spzXfMcJFVC59isGqIvvfXjMhXcZo1yblkWDdSzx090ywAnSfNIIGHfUevf23qdBd8lJezQN6iHG6sLDo2krWRjMWWddT9xAhnGYxWGRh5JLuee_07CPnUUiawLw30nUA,
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:7
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:CLEAN
          Classification:clean1.win@17/6@6/5
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 0
          • Number of non-executed functions: 0
          • Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 172.217.18.110, 142.250.186.163, 64.233.184.84, 34.104.35.123, 20.114.59.183, 192.229.221.95, 20.3.187.198, 93.184.221.240, 20.242.39.171, 142.250.181.227, 142.250.185.206
          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
• Not all processes were analyzed, report is missing behavior information
          • Report size getting too big, too many NtSetInformationFile calls found.
          No simulations
No context (no earlier analyses share IPs, domains, ASNs, JA3 fingerprints or dropped files with this one)
File: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3004_1166289982\_metadata\verified_contents.json (name inferred from the content and from the created-file list above; the file name column did not survive extraction)
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1311
          Entropy (8bit):5.996625649405505
          Encrypted:false
          SSDEEP:24:pZRj/flTLVmddL9V7aoX9cz+MJx2Klm6b+LrdoXH0P4NC/lBTkCKNXvF:p/hLAdvV7akA1UZkUygllkC4fF
          MD5:1B902651165F365CE171967091E325DA
          SHA1:D564887A167C8C588BC8FDF1259C94A377967DB8
          SHA-256:36C438E32D79F8AF43D6CD90A9FEAEF423674AE78852557F716271C007D6028C
          SHA-512:78A4EE7F653D552D000C3C1E47B8D97F0523DA72A6B8E93EDB9F56760CCDC145F27AE94B3E801A4184D746C77FB2B7105CA4DE266C10B946E87C91A358620CA2
          Malicious:false
          Reputation:low
          Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiM1VPenItckZQRmRXdFR0YW1IX3Jsc3A0MGdGc1ZST3BjYkxWY0tsWndOQSJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6Imxsa2dqZmZjZHBmZm1oaWFrbWZjZGNibG9oY2NwZm1vIiwiaXRlbV92ZXJzaW9uIjoiMS4wLjAuMTUiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"eLUKAQKHsg7CCx3QK8YmTLjqL0An1wDJzZVzJWQJjtsC6qXWZvWzPUE1DRUlerxJCvCbEJE6Xjvnz-dYd6DtnAkey1io3BU1YpAoWKXQvFS3t2rX9Ybg7aNjB7Zf0nvPXDhbbddfYEFkyWZ6eOn1BhwJo87DgGS_sZ2v_hjSs4j-XsquQ9UIQTQedxUJr_4EQ_HddxajOui5eUkikFpGxVug9XuUpvaefAtxA2T8Y6fAWWSVoUKx43oVcqscF6wylM1BdK7OmJbccrjk2IYMUMPKMLwqZfZFTVmtIz5VsTZCeNXhY4sJvdI8mS6M7WQ__NoZkfShi7Vi6ap-o71Wew"},{"header":{"kid":"webstore"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"QhGoJ1b2rHQ4Kcp-G8sf1kGA8xe5DEl97ZW6O
File: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3004_1166289982\manifest.fingerprint (name inferred from the content, "1." followed by a 64-hex-digit SHA-256, and from the created-file list above)
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):66
          Entropy (8bit):3.82777764407819
          Encrypted:false
          SSDEEP:3:SWjX2RCQdE+ZD8MXcAdTSqn:SWjX2JdbZDhXPdTSqn
          MD5:D8ADF922B4F26B8D100BED213F3EABEB
          SHA1:F91139716E99F0374B1610EBE9F5B7A8827A84CC
          SHA-256:4EE4858DA2C7E49D3630CB497FA0BB3EF0602E4C0CA732DB7A25811099144E4F
          SHA-512:B54BB4D108C25937F6F03A918D48201791BB7B6943A5EC51A8680E6CABC683E9DDF606E5330656C54293EBF4D09437CAB8B1E40E7EAF75D92D48A8647DCDCB13
          Malicious:false
          Reputation:low
          Preview:1.3a118962ef814c91f6476bb9f0de58afa63103af6ac1b8729be9b39a86789e96
File: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3004_1166289982\manifest.json (name inferred from the content and from the created-file list above)
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):300
          Entropy (8bit):4.707443234515725
          Encrypted:false
          SSDEEP:6:zeXC6WQpVyTJCAEIfd26VO9bIA6VDHs/C6wrhKXk7Vm01LwyAGI/zqSkhO:0eTJCAEQLO9hQADgK0711LqGik8
          MD5:DB7EB7E54EED7C7A94FABEF1FF06FFCE
          SHA1:59EC7C4812B8281EEDEE765E052D280EF6D14BE1
          SHA-256:DD43B3AFEAC53C5756B53B5A987FEB96CA78D2016C5513A971B2D570A959C0D0
          SHA-512:EAAE4182DBBD8C53A83CEFC0070C1BA4542FDBF912E39537054F2FD5EEF3AB0A6247F37D17ACAB31859A72FE69B2008D5EA5FF04FDE3FB31666C2CADA205EA53
          Malicious:false
          Reputation:low
          Preview:{. "description" : "Origin Trials public key updates and disabled features list",. "manifest_version" : 2,. "minimum_chrome_version" : "55",. "name" : "Origin Trials Updates",. "origin-trials" : null,. "update_url" : "https://clients2.google.com/service/update2/crx",. "version" : "1.0.0.15".}
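The three files Chrome unpacked under C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3004_1166289982 are a Chrome component ("Origin Trials Updates", version 1.0.0.15) together with its integrity metadata. verified_contents.json carries a base64url JWS-style payload that lists a SHA-256 tree hash per file, signed with the "publisher" and "webstore" keys (RS256, per the protected header eyJhbGciOiJSUzI1NiJ9), which Chrome checks against a public key compiled into the browser. That is why "Creates files inside the system directory" is benign in this report. The Python below is a worked example added to this page, not Chrome's or Joe Sandbox's code: it decodes the payload copied from the preview above and checks that the signed root_hash for manifest.json equals the SHA-256 the report computed for the dropped manifest.json (a file under 4096 bytes is a single block, so its tree root is its plain SHA-256). The multi-block tree construction (SHA-256 leaves over 4096-byte blocks, branch factor block_size/32) follows Chrome's ComputeTreeHashRoot as the editor understands it and is an assumption; the signatures are truncated in the preview and are not verified here.

```python
"""Decode Chrome's verified_contents.json payload and check a file against its signed
tree hash.  Added example for this page, not Chrome or Joe Sandbox code.  Assumption:
the multi-block tree construction mirrors Chrome's ComputeTreeHashRoot (SHA-256 over
4096-byte blocks, branch factor block_size // 32); a file under one block reduces to
plain SHA-256, which is the case exercised against the report's own hashes."""
import base64
import hashlib
import json

# The "payload" string copied verbatim from the verified_contents.json preview above.
# The two RS256 signatures are truncated in the preview, so they are omitted and not
# verified here; only content integrity against the payload is checked.
PAYLOAD_B64URL = (
    "eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiM1VPenItckZQRmRXdFR0YW1IX3Jsc3A0MGdGc1ZST3BjYkxWY0tsWndOQSJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6Imxsa2dqZmZjZHBmZm1oaWFrbWZjZGNibG9oY2NwZm1vIiwiaXRlbV92ZXJzaW9uIjoiMS4wLjAuMTUiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ"
)

# SHA-256 the report lists for the dropped 300-byte manifest.json (copied from the page).
MANIFEST_SHA256_FROM_REPORT = "dd43b3afeac53c5756b53b5a987feb96ca78d2016c5513a971b2d570a959c0d0"


def b64url_decode(s: str) -> bytes:
    """Base64url without padding, as used by JWS and by verified_contents.json."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sha256_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def decode_payload(payload_b64url: str) -> dict:
    """The signed payload is itself JSON: item_id, item_version, content_hashes[]."""
    return json.loads(b64url_decode(payload_b64url))


def tree_hash_root(data: bytes, block_size: int = 4096) -> bytes:
    """Leaves are SHA-256 of each block (an empty file is one empty block); each
    higher level hashes the concatenation of up to branch_factor child hashes
    until one root remains.  With a single block the root is SHA-256(data)."""
    branch_factor = block_size // hashlib.sha256().digest_size  # 4096 // 32 == 128
    blocks = [data[i:i + block_size] for i in range(0, len(data), block_size)] or [b""]
    level = [sha256_digest(b) for b in blocks]
    while len(level) > 1:
        level = [sha256_digest(b"".join(level[i:i + branch_factor]))
                 for i in range(0, len(level), branch_factor)]
    return level[0]


def expected_root_hashes(payload: dict) -> dict:
    """Map path -> (root_hash bytes, block_size) for every sha256/treehash entry."""
    out = {}
    for entry in payload["content_hashes"]:
        if entry.get("format") != "treehash" or entry.get("digest") != "sha256":
            continue  # unknown scheme: refuse rather than guess
        for f in entry["files"]:
            out[f["path"]] = (b64url_decode(f["root_hash"]), entry["block_size"])
    return out


def verify_file(payload: dict, path: str, content: bytes) -> bool:
    """True when the file's tree hash equals the signed root_hash for that path."""
    root, block_size = expected_root_hashes(payload)[path]
    return tree_hash_root(content, block_size) == root


def signed_root_hex(payload: dict, path: str) -> str:
    """Hex of the signed root_hash; for a sub-block file it is directly comparable
    with a file SHA-256 taken from a sandbox report."""
    return expected_root_hashes(payload)[path][0].hex()


if __name__ == "__main__":
    payload = decode_payload(PAYLOAD_B64URL)
    print(payload["item_id"], payload["item_version"])
    print("root_hash matches report SHA-256:",
          signed_root_hex(payload, "manifest.json") == MANIFEST_SHA256_FROM_REPORT)
```

Decoding the payload yields item_id llkgjffcdpffmhiakmfcdcblohccpfmo, item_version 1.0.0.15 and a single treehash entry for manifest.json, and the decoded root_hash is byte-for-byte the SHA-256 the report shows for the dropped manifest.json, so the component data on disk is consistent with its signed metadata. Integrity is only half of the check: without verifying the "webstore" signature against Chrome's key, a tampered component could ship a matching verified_contents.json of its own, so a triage that relies on this file must also validate the signatures.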
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
          Category:dropped
          Size (bytes):1150
          Entropy (8bit):3.799094911018403
          Encrypted:false
          SSDEEP:12:Xl8lNKhuu0l0aUEVmeoKsajOeo3w+USoj0Vj3TueMNo7cgaQnNBuMppX81NLK1:XlRucaQ3KpXnWjjZ7cfQnNBuMppUNm
          MD5:46A2285245303B1615CA40C64B5DC43F
          SHA1:E10915123B3BD5CFFD508011BE633EC8338A1354
          SHA-256:1EA6FD78D7583F8FDC9ADDF37FC9A8251C6499CD081E4DD3A5647864097B8319
          SHA-512:9CFD35D8834A3B26CAFF06D5C430D6CF186ABA58EC6F2F8C13CD157ACA1D0EBA1F40B438831CBE0BE4C5133E0D0675843BA993123A3ABCD25F5DA86A8CA8919C
          Malicious:false
          Reputation:low
Preview: binary ICO data, not reproduced
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
          Category:downloaded
          Size (bytes):1150
          Entropy (8bit):3.799094911018403
          Encrypted:false
          SSDEEP:12:Xl8lNKhuu0l0aUEVmeoKsajOeo3w+USoj0Vj3TueMNo7cgaQnNBuMppX81NLK1:XlRucaQ3KpXnWjjZ7cfQnNBuMppUNm
          MD5:46A2285245303B1615CA40C64B5DC43F
          SHA1:E10915123B3BD5CFFD508011BE633EC8338A1354
          SHA-256:1EA6FD78D7583F8FDC9ADDF37FC9A8251C6499CD081E4DD3A5647864097B8319
          SHA-512:9CFD35D8834A3B26CAFF06D5C430D6CF186ABA58EC6F2F8C13CD157ACA1D0EBA1F40B438831CBE0BE4C5133E0D0675843BA993123A3ABCD25F5DA86A8CA8919C
          Malicious:false
          Reputation:low
          URL:https://ibx2.net/favicon.ico
Preview: binary ICO data, not reproduced
          No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 24, 2024 14:46:38.686928988 CEST | 192.168.2.6 | 1.1.1.1 | 0xfa3f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
May 24, 2024 14:46:38.687107086 CEST | 192.168.2.6 | 1.1.1.1 | 0x6f82 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
May 24, 2024 14:46:38.886950970 CEST | 192.168.2.6 | 1.1.1.1 | 0x7e73 | Standard query (0) | ibx2.net | A (IP address) | IN (0x0001) | false
May 24, 2024 14:46:38.888084888 CEST | 192.168.2.6 | 1.1.1.1 | 0x3f50 | Standard query (0) | ibx2.net | 65 | IN (0x0001) | false
May 24, 2024 14:46:39.802798986 CEST | 192.168.2.6 | 1.1.1.1 | 0xc11f | Standard query (0) | ibx2.net | A (IP address) | IN (0x0001) | false
May 24, 2024 14:46:39.803248882 CEST | 192.168.2.6 | 1.1.1.1 | 0x7d87 | Standard query (0) | ibx2.net | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 24, 2024 14:46:38.731215000 CEST | 1.1.1.1 | 192.168.2.6 | 0x6f82 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
May 24, 2024 14:46:38.731230021 CEST | 1.1.1.1 | 192.168.2.6 | 0xfa3f | No error (0) | www.google.com | | 216.58.206.36 | A (IP address) | IN (0x0001) | false
May 24, 2024 14:46:38.931035995 CEST | 1.1.1.1 | 192.168.2.6 | 0x7e73 | No error (0) | ibx2.net | | 34.111.8.32 | A (IP address) | IN (0x0001) | false
May 24, 2024 14:46:39.823548079 CEST | 1.1.1.1 | 192.168.2.6 | 0xc11f | No error (0) | ibx2.net | | 34.111.8.32 | A (IP address) | IN (0x0001) | false
May 24, 2024 14:46:49.431946993 CEST | 1.1.1.1 | 192.168.2.6 | 0x42e3 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
May 24, 2024 14:46:49.431946993 CEST | 1.1.1.1 | 192.168.2.6 | 0x42e3 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
May 24, 2024 14:47:11.255213976 CEST | 1.1.1.1 | 192.168.2.6 | 0xe5d2 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
May 24, 2024 14:47:11.255213976 CEST | 1.1.1.1 | 192.168.2.6 | 0xe5d2 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
May 24, 2024 14:47:30.523935080 CEST | 1.1.1.1 | 192.168.2.6 | 0xce13 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
May 24, 2024 14:47:30.523935080 CEST | 1.1.1.1 | 192.168.2.6 | 0xce13 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
May 24, 2024 14:48:05.070981026 CEST | 1.1.1.1 | 192.168.2.6 | 0x9deb | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
May 24, 2024 14:48:05.070981026 CEST | 1.1.1.1 | 192.168.2.6 | 0x9deb | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
          • ibx2.net
          • https:
          • fs.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.6 | 49710 | 40.113.110.67 | 443
Timestamp | Bytes transferred | Direction | Data
2024-05-24 12:46:36 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: WvwTf4UDm0mowwOJ.1Context: b338d8eb0e77acda
2024-05-24 12:46:36 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-05-24 12:46:36 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: WvwTf4UDm0mowwOJ.2Context: b338d8eb0e77acda<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQbk/nTcdn0BQsGwk+Nmin99YDLF5Tt/lUnz/9aIIlJwYTZ0zGAue4llRx+gSHdOfs/drDIn6gh4A/PkaJJcgDfcDtmTaSIbt88xU0znWz82Up
2024-05-24 12:46:36 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: WvwTf4UDm0mowwOJ.3Context: b338d8eb0e77acda<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-05-24 12:46:36 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-05-24 12:46:36 UTC | 58 | IN | Data Ascii: MS-CV: hdWvctAVlkatillcIZm99A.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49717 | 34.111.8.32 | 443 | 4148 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-24 12:46:39 UTC | 977 | OUT | GET /ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9MklAkkPEwzEo7spzXfMcJFVC59isGqIvvfXjMhXcZo1yblkWDdSzx090ywAnSfNIIGHfUevf23qdBd8lJezQN6iHG6sLDo2krWRjMWWddT9xAhnGYxWGRh5JLuee_07CPnUUiawLw30nUA, HTTP/1.1
          Host: ibx2.net
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
2024-05-24 12:46:39 UTC | 358 | IN | HTTP/1.1 200 OK
          Date: Fri, 24 May 2024 12:46:39 GMT
          Content-Type: image/gif
          Content-Length: 42
          cache-control: no-cache, no-store, must-revalidate
          expires: 0
          pragma: no-cache
          request-id: cp88obol2u3ibiigr1dg
          vary: Origin
          x-envoy-upstream-service-time: 0
          Via: 1.1 google
          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
          Connection: close
2024-05-24 12:46:39 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
          Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49718 | 34.111.8.32 | 443 | 4148 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-24 12:46:39 UTC | 898 | OUT | GET /favicon.ico HTTP/1.1
          Host: ibx2.net
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: image
          Referer: https://ibx2.net/ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9MklAkkPEwzEo7spzXfMcJFVC59isGqIvvfXjMhXcZo1yblkWDdSzx090ywAnSfNIIGHfUevf23qdBd8lJezQN6iHG6sLDo2krWRjMWWddT9xAhnGYxWGRh5JLuee_07CPnUUiawLw30nUA,
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
2024-05-24 12:46:39 UTC | 323 | IN | HTTP/1.1 200 OK
          Date: Fri, 24 May 2024 12:46:39 GMT
          Content-Type: image/x-icon
          Content-Length: 1150
          last-modified: Thu, 23 May 2024 00:07:01 GMT
          etag: "664e88a5-47e"
          accept-ranges: bytes
          x-envoy-upstream-service-time: 0
          Via: 1.1 google
          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
          Connection: close
2024-05-24 12:46:39 UTC | 1067 | IN | Data Raw: (binary image/x-icon data)
2024-05-24 12:46:39 UTC | 83 | IN | Data Raw: (binary image/x-icon data)


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          3192.168.2.64972134.111.8.324434148C:\Program Files\Google\Chrome\Application\chrome.exe
          TimestampBytes transferredDirectionData
          2024-05-24 12:46:40 UTC343OUTGET /favicon.ico HTTP/1.1
          Host: ibx2.net
          Connection: keep-alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: */*
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-05-24 12:46:40 UTC323INHTTP/1.1 200 OK
          Date: Fri, 24 May 2024 12:46:40 GMT
          Content-Type: image/x-icon
          Content-Length: 1150
          last-modified: Thu, 23 May 2024 00:07:01 GMT
          etag: "664e88a5-47e"
          accept-ranges: bytes
          x-envoy-upstream-service-time: 0
          Via: 1.1 google
          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
          Connection: close
          2024-05-24 12:46:40 UTC1067INData Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 12 0b 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f9 f9 f9 ff f4 f4 f4 ff ff ff ff ff ff ff ff ff ff ff ff ff fc fc fc ff f1 f1 f1 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b7 b6 b8 ff 89 88 8c ff ff ff ff ff ff ff ff ff ff ff ff ff da d9 db ff 73 72 76 ff f2 f2 f3 ff ff ff ff ff ff ff ff ff ff ff ff ff ff
          Data Ascii: h( srv
          2024-05-24 12:46:40 UTC83INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          Data Ascii:


          Session IDSource IPSource PortDestination IPDestination Port
          4192.168.2.64972240.113.110.67443
          TimestampBytes transferredDirectionData
          2024-05-24 12:46:41 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4a 68 78 76 70 74 43 6f 6e 55 2b 55 49 73 59 5a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 61 37 65 63 64 34 66 64 33 38 63 31 34 66 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: JhxvptConU+UIsYZ.1Context: 55a7ecd4fd38c14f
          2024-05-24 12:46:41 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:46:41 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4a 68 78 76 70 74 43 6f 6e 55 2b 55 49 73 59 5a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 61 37 65 63 64 34 66 64 33 38 63 31 34 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 62 6b 2f 6e 54 63 64 6e 30 42 51 73 47 77 6b 2b 4e 6d 69 6e 39 39 59 44 4c 46 35 54 74 2f 6c 55 6e 7a 2f 39 61 49 49 6c 4a 77 59 54 5a 30 7a 47 41 75 65 34 6c 6c 52 78 2b 67 53 48 64 4f 66 73 2f 64 72 44 49 6e 36 67 68 34 41 2f 50 6b 61 4a 4a 63 67 44 66 63 44 74 6d 54 61 53 49 62 74 38 38 78 55 30 7a 6e 57 7a 38 32 55 70
          Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: JhxvptConU+UIsYZ.2Context: 55a7ecd4fd38c14f<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQbk/nTcdn0BQsGwk+Nmin99YDLF5Tt/lUnz/9aIIlJwYTZ0zGAue4llRx+gSHdOfs/drDIn6gh4A/PkaJJcgDfcDtmTaSIbt88xU0znWz82Up
          2024-05-24 12:46:41 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4a 68 78 76 70 74 43 6f 6e 55 2b 55 49 73 59 5a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 61 37 65 63 64 34 66 64 33 38 63 31 34 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: JhxvptConU+UIsYZ.3Context: 55a7ecd4fd38c14f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-05-24 12:46:42 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-05-24 12:46:42 UTC58INData Raw: 4d 53 2d 43 56 3a 20 65 6e 72 51 41 69 6d 64 34 45 4b 63 6f 77 38 49 56 48 41 67 71 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: enrQAimd4EKcow8IVHAgqQ.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          5192.168.2.649724184.28.90.27443
          TimestampBytes transferredDirectionData
          2024-05-24 12:46:42 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-05-24 12:46:42 UTC467INHTTP/1.1 200 OK
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF06)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-eus-z1
          Cache-Control: public, max-age=185012
          Date: Fri, 24 May 2024 12:46:42 GMT
          Connection: close
          X-CID: 2


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          6192.168.2.649725184.28.90.27443
          TimestampBytes transferredDirectionData
          2024-05-24 12:46:43 UTC239OUTGET /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
          Range: bytes=0-2147483646
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-05-24 12:46:44 UTC515INHTTP/1.1 200 OK
          ApiVersion: Distribute 1.1
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF06)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-weu-z1
          Cache-Control: public, max-age=184946
          Date: Fri, 24 May 2024 12:46:44 GMT
          Content-Length: 55
          Connection: close
          X-CID: 2
          2024-05-24 12:46:44 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


          Session IDSource IPSource PortDestination IPDestination Port
          7192.168.2.64973040.113.110.67443
          TimestampBytes transferredDirectionData
          2024-05-24 12:46:53 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2f 77 50 46 58 72 6c 49 4a 55 43 46 55 56 6b 4f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 64 32 61 39 64 32 65 35 33 61 30 36 39 38 39 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: /wPFXrlIJUCFUVkO.1Context: 8d2a9d2e53a06989
          2024-05-24 12:46:53 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:46:53 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 2f 77 50 46 58 72 6c 49 4a 55 43 46 55 56 6b 4f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 64 32 61 39 64 32 65 35 33 61 30 36 39 38 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 62 6b 2f 6e 54 63 64 6e 30 42 51 73 47 77 6b 2b 4e 6d 69 6e 39 39 59 44 4c 46 35 54 74 2f 6c 55 6e 7a 2f 39 61 49 49 6c 4a 77 59 54 5a 30 7a 47 41 75 65 34 6c 6c 52 78 2b 67 53 48 64 4f 66 73 2f 64 72 44 49 6e 36 67 68 34 41 2f 50 6b 61 4a 4a 63 67 44 66 63 44 74 6d 54 61 53 49 62 74 38 38 78 55 30 7a 6e 57 7a 38 32 55 70
          Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: /wPFXrlIJUCFUVkO.2Context: 8d2a9d2e53a06989<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQbk/nTcdn0BQsGwk+Nmin99YDLF5Tt/lUnz/9aIIlJwYTZ0zGAue4llRx+gSHdOfs/drDIn6gh4A/PkaJJcgDfcDtmTaSIbt88xU0znWz82Up
          2024-05-24 12:46:53 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2f 77 50 46 58 72 6c 49 4a 55 43 46 55 56 6b 4f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 64 32 61 39 64 32 65 35 33 61 30 36 39 38 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: /wPFXrlIJUCFUVkO.3Context: 8d2a9d2e53a06989<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-05-24 12:46:53 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-05-24 12:46:53 UTC58INData Raw: 4d 53 2d 43 56 3a 20 37 7a 53 36 4d 6e 48 59 39 45 36 46 66 42 61 4a 72 53 78 6b 57 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: 7zS6MnHY9E6FfBaJrSxkWw.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination Port
          8192.168.2.64973140.113.110.67443
          TimestampBytes transferredDirectionData
          2024-05-24 12:47:14 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4b 61 51 49 63 48 6f 61 54 45 4f 46 35 34 6d 33 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 33 37 65 35 66 30 31 34 36 38 65 37 35 31 31 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: KaQIcHoaTEOF54m3.1Context: 437e5f01468e7511
          2024-05-24 12:47:14 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:47:14 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4b 61 51 49 63 48 6f 61 54 45 4f 46 35 34 6d 33 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 33 37 65 35 66 30 31 34 36 38 65 37 35 31 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 62 6b 2f 6e 54 63 64 6e 30 42 51 73 47 77 6b 2b 4e 6d 69 6e 39 39 59 44 4c 46 35 54 74 2f 6c 55 6e 7a 2f 39 61 49 49 6c 4a 77 59 54 5a 30 7a 47 41 75 65 34 6c 6c 52 78 2b 67 53 48 64 4f 66 73 2f 64 72 44 49 6e 36 67 68 34 41 2f 50 6b 61 4a 4a 63 67 44 66 63 44 74 6d 54 61 53 49 62 74 38 38 78 55 30 7a 6e 57 7a 38 32 55 70
          Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: KaQIcHoaTEOF54m3.2Context: 437e5f01468e7511<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQbk/nTcdn0BQsGwk+Nmin99YDLF5Tt/lUnz/9aIIlJwYTZ0zGAue4llRx+gSHdOfs/drDIn6gh4A/PkaJJcgDfcDtmTaSIbt88xU0znWz82Up
          2024-05-24 12:47:14 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4b 61 51 49 63 48 6f 61 54 45 4f 46 35 34 6d 33 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 33 37 65 35 66 30 31 34 36 38 65 37 35 31 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: KaQIcHoaTEOF54m3.3Context: 437e5f01468e7511<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-05-24 12:47:14 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-05-24 12:47:14 UTC58INData Raw: 4d 53 2d 43 56 3a 20 6b 50 68 65 76 44 75 64 50 6b 4b 50 49 49 4c 68 47 33 46 71 70 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: kPhevDudPkKPIILhG3Fqpw.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination Port
          9192.168.2.66495640.113.110.67443
          TimestampBytes transferredDirectionData
          2024-05-24 12:47:44 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 36 69 46 79 4c 42 67 38 70 55 6d 6e 66 78 4f 56 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 37 34 39 35 39 38 65 61 62 30 64 62 38 30 33 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: 6iFyLBg8pUmnfxOV.1Context: d749598eab0db803
          2024-05-24 12:47:44 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:47:44 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 36 69 46 79 4c 42 67 38 70 55 6d 6e 66 78 4f 56 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 37 34 39 35 39 38 65 61 62 30 64 62 38 30 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 62 6b 2f 6e 54 63 64 6e 30 42 51 73 47 77 6b 2b 4e 6d 69 6e 39 39 59 44 4c 46 35 54 74 2f 6c 55 6e 7a 2f 39 61 49 49 6c 4a 77 59 54 5a 30 7a 47 41 75 65 34 6c 6c 52 78 2b 67 53 48 64 4f 66 73 2f 64 72 44 49 6e 36 67 68 34 41 2f 50 6b 61 4a 4a 63 67 44 66 63 44 74 6d 54 61 53 49 62 74 38 38 78 55 30 7a 6e 57 7a 38 32 55 70
          Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 6iFyLBg8pUmnfxOV.2Context: d749598eab0db803<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQbk/nTcdn0BQsGwk+Nmin99YDLF5Tt/lUnz/9aIIlJwYTZ0zGAue4llRx+gSHdOfs/drDIn6gh4A/PkaJJcgDfcDtmTaSIbt88xU0znWz82Up
          2024-05-24 12:47:44 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 36 69 46 79 4c 42 67 38 70 55 6d 6e 66 78 4f 56 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 37 34 39 35 39 38 65 61 62 30 64 62 38 30 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: 6iFyLBg8pUmnfxOV.3Context: d749598eab0db803<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-05-24 12:47:44 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-05-24 12:47:44 UTC58INData Raw: 4d 53 2d 43 56 3a 20 4f 66 6f 45 76 7a 4b 34 68 55 2b 52 67 47 76 31 58 69 49 44 4d 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: OfoEvzK4hU+RgGv1XiIDMg.0Payload parsing failed.


          Click to jump to process

          Click to jump to process

          Click to jump to process

          Target ID:0
          Start time:08:46:28
          Start date:24/05/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:2
          Start time:08:46:35
          Start date:24/05/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=2724,i,12712622127196477524,10411998634779368472,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:3
          Start time:08:46:37
          Start date:24/05/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ibx2.net/ibx/em/opn/i039KSrgJ9M?x2=zQd8qda-XWeI_bDr6Nw_bVIlgP3zwBDJSJMrWPfVXp_EBHgqXbi_OVY3x6AaYbMLz44-X4NhpH3UnAp5Bb8dykNVpe7PekL-D4I6-UL0MEo1vGuRL3Oc6HCn7OERYAMTXGt49-JCyt2M8GYseP7PDnldwd5w9MklAkkPEwzEo7spzXfMcJFVC59isGqIvvfXjMhXcZo1yblkWDdSzx090ywAnSfNIIGHfUevf23qdBd8lJezQN6iHG6sLDo2krWRjMWWddT9xAhnGYxWGRh5JLuee_07CPnUUiawLw30nUA,"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          No disassembly