
Windows Analysis Report
https://www.support.av-ro.com/aU3V88/c1.php

Overview

General Information

Sample URL: https://www.support.av-ro.com/aU3V88/c1.php
Analysis ID: 1589692
Infos:
Errors
  • URL not reachable

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected non-DNS traffic on DNS port
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 5020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 5912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2332,i,7150791874960158825,1898553688990154955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 5308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.support.av-ro.com/aU3V88/c1.php" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://www.support.av-ro.com/aU3V88/c1.php | Avira URL Cloud: detection malicious, Label: phishing
Source: unknown | HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49783 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:61702 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.6:61639 -> 162.159.36.2:53
Source: unknown | HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49783 version: TLS 1.0
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: www.support.av-ro.com
Source: global traffic | DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown | Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 61702
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 61705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 61706
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 61705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 61702 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 61706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:61702 version: TLS 1.2
Source: classification engine | Classification label: mal48.win@18/0@8/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2332,i,7150791874960158825,1898553688990154955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.support.av-ro.com/aU3V88/c1.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2332,i,7150791874960158825,1898553688990154955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Process Injection (1) | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Encrypted Channel (2) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Non-Application Layer Protocol (1) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (2) | Automated Exfiltration | Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
https://www.support.av-ro.com/aU3V88/c1.php | 100% | Avira URL Cloud | phishing |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.35 | true | false | | high
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
www.google.com | 142.250.186.100 | true | false | | high
www.support.av-ro.com | 89.250.71.221 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
171.39.242.20.in-addr.arpa | unknown | unknown | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
89.250.71.221 | www.support.av-ro.com | Netherlands | 41349 | MVMTECH-ASRU | false
142.250.186.100 | www.google.com | United States | 15169 | GOOGLEUS | false
IP
192.168.2.6
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1589692
Start date and time: 2025-01-13 01:15:49 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 29s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://www.support.av-ro.com/aU3V88/c1.php
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@18/0@8/4
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.186.131, 172.217.18.14, 66.102.1.84, 142.250.186.46, 142.250.74.206, 184.28.90.27, 4.175.87.197, 192.229.221.95, 40.69.42.241, 217.20.57.35, 142.250.185.206, 13.85.23.206, 20.242.39.171, 172.202.163.200, 142.250.181.238, 142.250.184.227, 2.23.227.215, 2.23.227.208, 13.107.246.45
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, e86303.dscx.akamaiedge.net, redirector.gvt1.com, ocsp.digicert.com, www.bing.com.edgekey.net, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: https://www.support.av-ro.com/aU3V88/c1.php
No simulations
No context
No created / dropped files found
No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 13, 2025 01:16:35.841737032 CET | 49673 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:35.841856956 CET | 49674 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:36.154186964 CET | 49672 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:43.780927896 CET | 49716 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:43.780978918 CET | 443 | 49716 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:43.781086922 CET | 49716 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:43.781666040 CET | 49716 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:43.781680107 CET | 443 | 49716 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:44.577178955 CET | 443 | 49716 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:44.577313900 CET | 49716 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:44.583220959 CET | 49716 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:44.583230019 CET | 443 | 49716 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:44.583574057 CET | 443 | 49716 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:44.586860895 CET | 49716 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:44.587064028 CET | 49716 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:44.587070942 CET | 443 | 49716 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:44.587371111 CET | 49716 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:44.635320902 CET | 443 | 49716 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:44.761913061 CET | 443 | 49716 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:44.762041092 CET | 443 | 49716 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:44.762216091 CET | 49716 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:44.762415886 CET | 49716 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:45.449273109 CET | 49674 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:45.449285030 CET | 49673 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:45.761720896 CET | 49672 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:46.571397066 CET | 49718 | 443 | 192.168.2.6 | 142.250.186.100
Jan 13, 2025 01:16:46.571434975 CET | 443 | 49718 | 142.250.186.100 | 192.168.2.6
Jan 13, 2025 01:16:46.571523905 CET | 49718 | 443 | 192.168.2.6 | 142.250.186.100
Jan 13, 2025 01:16:46.572441101 CET | 49718 | 443 | 192.168.2.6 | 142.250.186.100
Jan 13, 2025 01:16:46.572459936 CET | 443 | 49718 | 142.250.186.100 | 192.168.2.6
Jan 13, 2025 01:16:47.214350939 CET | 443 | 49718 | 142.250.186.100 | 192.168.2.6
Jan 13, 2025 01:16:47.218024969 CET | 49718 | 443 | 192.168.2.6 | 142.250.186.100
Jan 13, 2025 01:16:47.218054056 CET | 443 | 49718 | 142.250.186.100 | 192.168.2.6
Jan 13, 2025 01:16:47.219131947 CET | 443 | 49718 | 142.250.186.100 | 192.168.2.6
Jan 13, 2025 01:16:47.219232082 CET | 49718 | 443 | 192.168.2.6 | 142.250.186.100
Jan 13, 2025 01:16:47.236979008 CET | 49718 | 443 | 192.168.2.6 | 142.250.186.100
Jan 13, 2025 01:16:47.237067938 CET | 443 | 49718 | 142.250.186.100 | 192.168.2.6
Jan 13, 2025 01:16:47.285527945 CET | 49718 | 443 | 192.168.2.6 | 142.250.186.100
Jan 13, 2025 01:16:47.285574913 CET | 443 | 49718 | 142.250.186.100 | 192.168.2.6
Jan 13, 2025 01:16:47.332379103 CET | 49718 | 443 | 192.168.2.6 | 142.250.186.100
Jan 13, 2025 01:16:47.541943073 CET | 443 | 49705 | 173.222.162.64 | 192.168.2.6
Jan 13, 2025 01:16:47.542053938 CET | 49705 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:50.276293993 CET | 49732 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:16:50.276329994 CET | 443 | 49732 | 89.250.71.221 | 192.168.2.6
Jan 13, 2025 01:16:50.276397943 CET | 49732 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:16:50.276983023 CET | 49733 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:16:50.277021885 CET | 443 | 49733 | 89.250.71.221 | 192.168.2.6
Jan 13, 2025 01:16:50.277080059 CET | 49733 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:16:50.278275013 CET | 49733 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:16:50.278292894 CET | 443 | 49733 | 89.250.71.221 | 192.168.2.6
Jan 13, 2025 01:16:50.278508902 CET | 49732 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:16:50.278522968 CET | 443 | 49732 | 89.250.71.221 | 192.168.2.6
Jan 13, 2025 01:16:51.599620104 CET | 49740 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:51.599663973 CET | 443 | 49740 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:51.599739075 CET | 49740 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:51.600384951 CET | 49740 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:51.600410938 CET | 443 | 49740 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:52.417793036 CET | 443 | 49740 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:52.417937040 CET | 49740 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:52.420437098 CET | 49740 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:52.420453072 CET | 443 | 49740 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:52.420798063 CET | 443 | 49740 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:52.422940016 CET | 49740 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:52.422983885 CET | 49740 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:52.422995090 CET | 443 | 49740 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:52.423187971 CET | 49740 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:52.463340998 CET | 443 | 49740 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:52.603724957 CET | 443 | 49740 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:52.603782892 CET | 443 | 49740 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:52.604305029 CET | 49740 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:52.605253935 CET | 49740 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:52.605253935 CET | 49740 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:16:52.605282068 CET | 443 | 49740 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:16:57.130177975 CET | 443 | 49718 | 142.250.186.100 | 192.168.2.6
Jan 13, 2025 01:16:57.130255938 CET | 443 | 49718 | 142.250.186.100 | 192.168.2.6
Jan 13, 2025 01:16:57.130335093 CET | 49718 | 443 | 192.168.2.6 | 142.250.186.100
Jan 13, 2025 01:16:58.775790930 CET | 49705 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:58.775887012 CET | 49705 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:58.776283979 CET | 49783 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:58.776329994 CET | 443 | 49783 | 173.222.162.64 | 192.168.2.6
Jan 13, 2025 01:16:58.776407957 CET | 49783 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:58.776716948 CET | 49783 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:16:58.776730061 CET | 443 | 49783 | 173.222.162.64 | 192.168.2.6
Jan 13, 2025 01:16:58.780641079 CET | 443 | 49705 | 173.222.162.64 | 192.168.2.6
Jan 13, 2025 01:16:58.780787945 CET | 443 | 49705 | 173.222.162.64 | 192.168.2.6
Jan 13, 2025 01:16:59.058324099 CET | 49718 | 443 | 192.168.2.6 | 142.250.186.100
Jan 13, 2025 01:16:59.058412075 CET | 443 | 49718 | 142.250.186.100 | 192.168.2.6
Jan 13, 2025 01:16:59.376060963 CET | 443 | 49783 | 173.222.162.64 | 192.168.2.6
Jan 13, 2025 01:16:59.376148939 CET | 49783 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:17:03.633915901 CET | 49815 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:17:03.634010077 CET | 443 | 49815 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:17:03.634108067 CET | 49815 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:17:03.635241032 CET | 49815 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:17:03.635271072 CET | 443 | 49815 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:17:04.415005922 CET | 443 | 49815 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:17:04.415132999 CET | 49815 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:17:04.418899059 CET | 49815 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:17:04.418927908 CET | 443 | 49815 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:17:04.419262886 CET | 443 | 49815 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:17:04.421144009 CET | 49815 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:17:04.421406984 CET | 49815 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:17:04.421418905 CET | 443 | 49815 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:17:04.421791077 CET | 49815 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:17:04.467331886 CET | 443 | 49815 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:17:04.596716881 CET | 443 | 49815 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:17:04.596802950 CET | 443 | 49815 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:17:04.596908092 CET | 49815 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:17:04.597148895 CET | 49815 | 443 | 192.168.2.6 | 40.113.110.67
Jan 13, 2025 01:17:04.597191095 CET | 443 | 49815 | 40.113.110.67 | 192.168.2.6
Jan 13, 2025 01:17:11.734664917 CET | 61639 | 53 | 192.168.2.6 | 162.159.36.2
Jan 13, 2025 01:17:11.739837885 CET | 53 | 61639 | 162.159.36.2 | 192.168.2.6
Jan 13, 2025 01:17:11.739934921 CET | 61639 | 53 | 192.168.2.6 | 162.159.36.2
Jan 13, 2025 01:17:11.739973068 CET | 61639 | 53 | 192.168.2.6 | 162.159.36.2
Jan 13, 2025 01:17:11.744740963 CET | 53 | 61639 | 162.159.36.2 | 192.168.2.6
Jan 13, 2025 01:17:12.184273005 CET | 53 | 61639 | 162.159.36.2 | 192.168.2.6
Jan 13, 2025 01:17:12.185301065 CET | 61639 | 53 | 192.168.2.6 | 162.159.36.2
Jan 13, 2025 01:17:12.190351009 CET | 53 | 61639 | 162.159.36.2 | 192.168.2.6
Jan 13, 2025 01:17:12.190423012 CET | 61639 | 53 | 192.168.2.6 | 162.159.36.2
Jan 13, 2025 01:17:18.570314884 CET | 443 | 49783 | 173.222.162.64 | 192.168.2.6
Jan 13, 2025 01:17:18.570405960 CET | 49783 | 443 | 192.168.2.6 | 173.222.162.64
Jan 13, 2025 01:17:20.280431032 CET | 49733 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:17:20.280559063 CET | 49732 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:17:20.280591965 CET | 443 | 49733 | 89.250.71.221 | 192.168.2.6
Jan 13, 2025 01:17:20.280644894 CET | 49733 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:17:20.280740976 CET | 443 | 49732 | 89.250.71.221 | 192.168.2.6
Jan 13, 2025 01:17:20.280797958 CET | 49732 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:17:21.798687935 CET | 61702 | 443 | 192.168.2.6 | 40.113.103.199
Jan 13, 2025 01:17:21.798733950 CET | 443 | 61702 | 40.113.103.199 | 192.168.2.6
Jan 13, 2025 01:17:21.798870087 CET | 61702 | 443 | 192.168.2.6 | 40.113.103.199
Jan 13, 2025 01:17:21.799716949 CET | 61702 | 443 | 192.168.2.6 | 40.113.103.199
Jan 13, 2025 01:17:21.799731970 CET | 443 | 61702 | 40.113.103.199 | 192.168.2.6
Jan 13, 2025 01:17:21.956264973 CET | 49707 | 443 | 192.168.2.6 | 40.126.32.74
Jan 13, 2025 01:17:21.956319094 CET | 49707 | 443 | 192.168.2.6 | 40.126.32.74
Jan 13, 2025 01:17:21.961250067 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:21.961271048 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:21.961297989 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:21.961311102 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:21.961325884 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.171699047 CET | 61705 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:17:22.171781063 CET | 443 | 61705 | 89.250.71.221 | 192.168.2.6
Jan 13, 2025 01:17:22.171951056 CET | 61705 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:17:22.172489882 CET | 61706 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:17:22.172600031 CET | 443 | 61706 | 89.250.71.221 | 192.168.2.6
Jan 13, 2025 01:17:22.172679901 CET | 61706 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:17:22.173069954 CET | 61705 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:17:22.173108101 CET | 443 | 61705 | 89.250.71.221 | 192.168.2.6
Jan 13, 2025 01:17:22.173345089 CET | 61706 | 443 | 192.168.2.6 | 89.250.71.221
Jan 13, 2025 01:17:22.173376083 CET | 443 | 61706 | 89.250.71.221 | 192.168.2.6
Jan 13, 2025 01:17:22.340085030 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.340106964 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.340121984 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.340195894 CET | 49707 | 443 | 192.168.2.6 | 40.126.32.74
Jan 13, 2025 01:17:22.340415001 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.340430975 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.340447903 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.340464115 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.340471029 CET | 49707 | 443 | 192.168.2.6 | 40.126.32.74
Jan 13, 2025 01:17:22.340480089 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.340493917 CET | 49707 | 443 | 192.168.2.6 | 40.126.32.74
Jan 13, 2025 01:17:22.340605974 CET | 49707 | 443 | 192.168.2.6 | 40.126.32.74
Jan 13, 2025 01:17:22.340692997 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.340708971 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.340724945 CET | 443 | 49707 | 40.126.32.74 | 192.168.2.6
Jan 13, 2025 01:17:22.340759039 CET | 49707 | 443 | 192.168.2.6 | 40.126.32.74
Jan 13, 2025 01:17:22.385854959 CET | 49707 | 443 | 192.168.2.6 | 40.126.32.74
Jan 13, 2025 01:17:22.593679905 CET | 443 | 61702 | 40.113.103.199 | 192.168.2.6
Jan 13, 2025 01:17:22.593765974 CET | 61702 | 443 | 192.168.2.6 | 40.113.103.199
Jan 13, 2025 01:17:22.597376108 CET | 61702 | 443 | 192.168.2.6 | 40.113.103.199
Jan 13, 2025 01:17:22.597383022 CET | 443 | 61702 | 40.113.103.199 | 192.168.2.6
Jan 13, 2025 01:17:22.597696066 CET | 443 | 61702 | 40.113.103.199 | 192.168.2.6
Jan 13, 2025 01:17:22.600678921 CET | 61702 | 443 | 192.168.2.6 | 40.113.103.199
Jan 13, 2025 01:17:22.600861073 CET | 61702 | 443 | 192.168.2.6 | 40.113.103.199
Jan 13, 2025 01:17:22.600866079 CET | 443 | 61702 | 40.113.103.199 | 192.168.2.6
Jan 13, 2025 01:17:22.601361990 CET | 61702 | 443 | 192.168.2.6 | 40.113.103.199
Jan 13, 2025 01:17:22.647320032 CET | 443 | 61702 | 40.113.103.199 | 192.168.2.6
Jan 13, 2025 01:17:22.775739908 CET | 443 | 61702 | 40.113.103.199 | 192.168.2.6
Jan 13, 2025 01:17:22.775861025 CET | 443 | 61702 | 40.113.103.199 | 192.168.2.6
Jan 13, 2025 01:17:22.775912046 CET | 61702 | 443 | 192.168.2.6 | 40.113.103.199
Jan 13, 2025 01:17:22.776428938 CET | 61702 | 443 | 192.168.2.6 | 40.113.103.199
Jan 13, 2025 01:17:22.776443005 CET | 443 | 61702 | 40.113.103.199 | 192.168.2.6
              ICMP packets

              Timestamp                          | Source IP    | Dest IP | Checksum | Code               | Type
              Jan 13, 2025 01:16:52.439789057 CET | 192.168.2.6  | 1.1.1.1 | c1fd     | (Port unreachable) | Destination Unreachable
              Jan 13, 2025 01:16:54.916409016 CET | 192.168.2.6  | 1.1.1.1 | c1ed     | (Port unreachable) | Destination Unreachable
              Jan 13, 2025 01:16:56.723331928 CET | 192.168.2.6  | 1.1.1.1 | c244     | (Port unreachable) | Destination Unreachable
              DNS queries

              Timestamp                          | Source IP   | Dest IP | Trans ID | OP Code            | Name                        | Type                 | Class       | DNS over HTTPS
              Jan 13, 2025 01:16:46.561920881 CET | 192.168.2.6 | 1.1.1.1 | 0x5a75   | Standard query (0) | www.google.com              | A (IP address)       | IN (0x0001) | false
              Jan 13, 2025 01:16:46.562047005 CET | 192.168.2.6 | 1.1.1.1 | 0xd89e   | Standard query (0) | www.google.com              | 65                   | IN (0x0001) | false
              Jan 13, 2025 01:16:48.576527119 CET | 192.168.2.6 | 1.1.1.1 | 0xf7bb   | Standard query (0) | www.support.av-ro.com       | A (IP address)       | IN (0x0001) | false
              Jan 13, 2025 01:16:48.577042103 CET | 192.168.2.6 | 1.1.1.1 | 0x9e44   | Standard query (0) | www.support.av-ro.com       | 65                   | IN (0x0001) | false
              Jan 13, 2025 01:16:49.637059927 CET | 192.168.2.6 | 1.1.1.1 | 0x2816   | Standard query (0) | www.support.av-ro.com       | A (IP address)       | IN (0x0001) | false
              Jan 13, 2025 01:16:49.641247034 CET | 192.168.2.6 | 1.1.1.1 | 0x20ef   | Standard query (0) | www.support.av-ro.com       | 65                   | IN (0x0001) | false
              Jan 13, 2025 01:17:12.200361967 CET | 192.168.2.6 | 1.1.1.1 | 0x4617   | Standard query (0) | 171.39.242.20.in-addr.arpa  | PTR (Pointer record) | IN (0x0001) | false
              Jan 13, 2025 01:17:22.108134031 CET | 192.168.2.6 | 1.1.1.1 | 0x7608   | Standard query (0) | www.support.av-ro.com       | A (IP address)       | IN (0x0001) | false
              DNS answers

              Timestamp                          | Source IP | Dest IP     | Trans ID | Reply Code         | Name                                                      | CName                           | Address         | Type                   | Class       | DNS over HTTPS
              Jan 13, 2025 01:16:46.568651915 CET | 1.1.1.1   | 192.168.2.6 | 0x5a75   | No error (0)       | www.google.com                                            |                                 | 142.250.186.100 | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:46.568726063 CET | 1.1.1.1   | 192.168.2.6 | 0xd89e   | No error (0)       | www.google.com                                            |                                 |                 | 65                     | IN (0x0001) | false
              Jan 13, 2025 01:16:47.213180065 CET | 1.1.1.1   | 192.168.2.6 | 0x6e67   | No error (0)       | shed.dual-low.s-part-0017.t-0009.t-msedge.net             | s-part-0017.t-0009.t-msedge.net |                 | CNAME (Canonical name) | IN (0x0001) | false
              Jan 13, 2025 01:16:47.213180065 CET | 1.1.1.1   | 192.168.2.6 | 0x6e67   | No error (0)       | s-part-0017.t-0009.t-msedge.net                           |                                 | 13.107.246.45   | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:50.156013012 CET | 1.1.1.1   | 192.168.2.6 | 0xf7bb   | No error (0)       | www.support.av-ro.com                                     |                                 | 89.250.71.221   | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:52.439677000 CET | 1.1.1.1   | 192.168.2.6 | 0x2816   | No error (0)       | www.support.av-ro.com                                     |                                 | 89.250.71.221   | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:54.916331053 CET | 1.1.1.1   | 192.168.2.6 | 0x9e44   | Server failure (2) | www.support.av-ro.com                                     | none                            | none            | 65                     | IN (0x0001) | false
              Jan 13, 2025 01:16:56.669718981 CET | 1.1.1.1   | 192.168.2.6 | 0x533c   | No error (0)       | fp2e7a.wpc.2be4.phicdn.net                                | fp2e7a.wpc.phicdn.net           |                 | CNAME (Canonical name) | IN (0x0001) | false
              Jan 13, 2025 01:16:56.669718981 CET | 1.1.1.1   | 192.168.2.6 | 0x533c   | No error (0)       | fp2e7a.wpc.phicdn.net                                     |                                 | 192.229.221.95  | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:58.632992029 CET | 1.1.1.1   | 192.168.2.6 | 0xb8f1   | No error (0)       | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |                                 | 217.20.57.35    | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:58.632992029 CET | 1.1.1.1   | 192.168.2.6 | 0xb8f1   | No error (0)       | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |                                 | 217.20.57.18    | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:58.632992029 CET | 1.1.1.1   | 192.168.2.6 | 0xb8f1   | No error (0)       | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |                                 | 217.20.57.20    | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:58.632992029 CET | 1.1.1.1   | 192.168.2.6 | 0xb8f1   | No error (0)       | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |                                 | 217.20.57.19    | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:58.632992029 CET | 1.1.1.1   | 192.168.2.6 | 0xb8f1   | No error (0)       | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |                                 | 217.20.57.36    | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:58.632992029 CET | 1.1.1.1   | 192.168.2.6 | 0xb8f1   | No error (0)       | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |                                 | 217.20.57.34    | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:58.632992029 CET | 1.1.1.1   | 192.168.2.6 | 0xb8f1   | No error (0)       | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |                                 | 84.201.210.23   | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:16:58.632992029 CET | 1.1.1.1   | 192.168.2.6 | 0xb8f1   | No error (0)       | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |                                 | 84.201.210.39   | A (IP address)         | IN (0x0001) | false
              Jan 13, 2025 01:17:12.207364082 CET | 1.1.1.1   | 192.168.2.6 | 0x4617   | Name error (3)     | 171.39.242.20.in-addr.arpa                                | none                            | none            | PTR (Pointer record)   | IN (0x0001) | false
              Jan 13, 2025 01:17:22.168831110 CET | 1.1.1.1   | 192.168.2.6 | 0x7608   | No error (0)       | www.support.av-ro.com                                     |                                 | 89.250.71.221   | A (IP address)         | IN (0x0001) | false
              Session ID | Source IP   | Source Port | Destination IP | Destination Port
              0          | 192.168.2.6 | 49716       | 40.113.110.67  | 443

              Timestamp, bytes transferred, direction, data (decoded ASCII; line breaks restored from the CRLFs in the raw capture):

              2025-01-13 00:16:44 UTC, 71 bytes, OUT:
                  CNT 1 CON 305
                  MS-CV: uHo//gxl8EKkH73v.1
                  Context: b5d09d8d74839d65

              2025-01-13 00:16:44 UTC, 249 bytes, OUT:
                  <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>

              2025-01-13 00:16:44 UTC, 1084 bytes, OUT:
                  ATH 2 CON\DEVICE 1061
                  MS-CV: uHo//gxl8EKkH73v.2
                  Context: b5d09d8d74839d65

                  <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfIFnf7/p8sLed/cLXcLf0KCVUZKU0PVO2rewu84enu1r+kHBFMMeRHLAkzrR4QXxdMvd9UURyQErx/B82K2eKPq6+o0EeID6nB4uE0846DXBh

              2025-01-13 00:16:44 UTC, 218 bytes, OUT:
                  BND 3 CON\WNS 0 197
                  MS-CV: uHo//gxl8EKkH73v.3
                  Context: b5d09d8d74839d65

                  <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>

              2025-01-13 00:16:44 UTC, 14 bytes, IN:
                  202 1 CON 58

              2025-01-13 00:16:44 UTC, 58 bytes, IN:
                  MS-CV: qE4D6ID8rkWu70IoQ3Z/Iw.0

                  Payload parsing failed.


              Session ID | Source IP   | Source Port | Destination IP | Destination Port
              1          | 192.168.2.6 | 49740       | 40.113.110.67  | 443

              Timestamp, bytes transferred, direction, data (decoded ASCII; line breaks restored from the CRLFs in the raw capture):

              2025-01-13 00:16:52 UTC, 71 bytes, OUT:
                  CNT 1 CON 305
                  MS-CV: WfLpEQ3NkUeDI2ph.1
                  Context: dbdb5062c1496b14

              2025-01-13 00:16:52 UTC, 249 bytes, OUT:
                  <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>

              2025-01-13 00:16:52 UTC, 1084 bytes, OUT:
                  ATH 2 CON\DEVICE 1061
                  MS-CV: WfLpEQ3NkUeDI2ph.2
                  Context: dbdb5062c1496b14

                  <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfIFnf7/p8sLed/cLXcLf0KCVUZKU0PVO2rewu84enu1r+kHBFMMeRHLAkzrR4QXxdMvd9UURyQErx/B82K2eKPq6+o0EeID6nB4uE0846DXBh

              2025-01-13 00:16:52 UTC, 218 bytes, OUT:
                  BND 3 CON\WNS 0 197
                  MS-CV: WfLpEQ3NkUeDI2ph.3
                  Context: dbdb5062c1496b14

                  <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>

              2025-01-13 00:16:52 UTC, 14 bytes, IN:
                  202 1 CON 58

              2025-01-13 00:16:52 UTC, 58 bytes, IN:
                  MS-CV: /HdZ4DLT/UiPgIj2hox/qA.0

                  Payload parsing failed.


              Session ID | Source IP   | Source Port | Destination IP | Destination Port
              2          | 192.168.2.6 | 49815       | 40.113.110.67  | 443

              Timestamp, bytes transferred, direction, data (decoded ASCII; line breaks restored from the CRLFs in the raw capture):

              2025-01-13 00:17:04 UTC, 71 bytes, OUT:
                  CNT 1 CON 305
                  MS-CV: EH9+3oLMGUCkBgtx.1
                  Context: 7b8dd96c4182d4ca

              2025-01-13 00:17:04 UTC, 249 bytes, OUT:
                  <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>

              2025-01-13 00:17:04 UTC, 1084 bytes, OUT:
                  ATH 2 CON\DEVICE 1061
                  MS-CV: EH9+3oLMGUCkBgtx.2
                  Context: 7b8dd96c4182d4ca

                  <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfIFnf7/p8sLed/cLXcLf0KCVUZKU0PVO2rewu84enu1r+kHBFMMeRHLAkzrR4QXxdMvd9UURyQErx/B82K2eKPq6+o0EeID6nB4uE0846DXBh

              2025-01-13 00:17:04 UTC, 218 bytes, OUT:
                  BND 3 CON\WNS 0 197
                  MS-CV: EH9+3oLMGUCkBgtx.3
                  Context: 7b8dd96c4182d4ca

                  <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>

              2025-01-13 00:17:04 UTC, 14 bytes, IN:
                  202 1 CON 58

              2025-01-13 00:17:04 UTC, 58 bytes, IN:
                  MS-CV: W5eLvGLX3EWNyR9c/d8i4w.0

                  Payload parsing failed.


              Session ID | Source IP   | Source Port | Destination IP | Destination Port
              3          | 192.168.2.6 | 61702       | 40.113.103.199 | 443

              Timestamp, bytes transferred, direction, data (decoded ASCII; line breaks restored from the CRLFs in the raw capture):

              2025-01-13 00:17:22 UTC, 71 bytes, OUT:
                  CNT 1 CON 305
                  MS-CV: NiIzo509UE2Y7Rmr.1
                  Context: 84519e4ea4d86f1d

              2025-01-13 00:17:22 UTC, 249 bytes, OUT:
                  <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>

              2025-01-13 00:17:22 UTC, 1084 bytes, OUT:
                  ATH 2 CON\DEVICE 1061
                  MS-CV: NiIzo509UE2Y7Rmr.2
                  Context: 84519e4ea4d86f1d

                  <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfIFnf7/p8sLed/cLXcLf0KCVUZKU0PVO2rewu84enu1r+kHBFMMeRHLAkzrR4QXxdMvd9UURyQErx/B82K2eKPq6+o0EeID6nB4uE0846DXBh

              2025-01-13 00:17:22 UTC, 218 bytes, OUT:
                  BND 3 CON\WNS 0 197
                  MS-CV: NiIzo509UE2Y7Rmr.3
                  Context: 84519e4ea4d86f1d

                  <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>

              2025-01-13 00:17:22 UTC, 14 bytes, IN:
                  202 1 CON 58

              2025-01-13 00:17:22 UTC, 58 bytes, IN:
                  MS-CV: D6Hf8zPULkueBK1p1QAxRA.0

                  Payload parsing failed.



              Target ID: 1
              Start time: 19:16:37
              Start date: 12/01/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase: 0x7ff684c40000
              File size: 3'242'272 bytes
              MD5 hash: 5BBFA6CBDF4C254EB368D534F9E23C92
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 3
              Start time: 19:16:40
              Start date: 12/01/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2332,i,7150791874960158825,1898553688990154955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase: 0x7ff684c40000
              File size: 3'242'272 bytes
              MD5 hash: 5BBFA6CBDF4C254EB368D534F9E23C92
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 4
              Start time: 19:16:47
              Start date: 12/01/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.support.av-ro.com/aU3V88/c1.php"
              Imagebase: 0x7ff684c40000
              File size: 3'242'272 bytes
              MD5 hash: 5BBFA6CBDF4C254EB368D534F9E23C92
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: true

              No disassembly