
Windows Analysis Report
https://www.support.wt-nx.com/aU3V88/c1.php

Overview

General Information

Sample URL: https://www.support.wt-nx.com/aU3V88/c1.php
Analysis ID: 1589716
Infos:
Errors
  • URL not reachable

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

  • System is w10x64
  • chrome.exe (PID: 5480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 2156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2528,i,15521519275326721574,13365411018387411890,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 5708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.support.wt-nx.com/aU3V88/c1.php" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: https://www.support.wt-nx.com/aU3V88/c1.php | Avira URL Cloud: detection malicious, Label: phishing
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49830 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49970 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: www.support.wt-nx.com
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: classification engine | Classification label: mal48.win@18/0@6/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2528,i,15521519275326721574,13365411018387411890,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.support.wt-nx.com/aU3V88/c1.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (a numeric prefix gives the number of matching signatures for that technique):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

Source | Detection | Scanner | Label
https://www.support.wt-nx.com/aU3V88/c1.php | 100% | Avira URL Cloud | phishing
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
www.support.wt-nx.com | 89.250.71.221 | true | false | | unknown
www.google.com | 216.58.206.68 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
89.250.71.221 | www.support.wt-nx.com | Netherlands | 41349 | MVMTECH-ASRU | false
216.58.206.68 | www.google.com | United States | 15169 | GOOGLEUS | false
Private IP: 192.168.2.6
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1589716
Start date and time: 2025-01-13 01:39:02 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 36s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://www.support.wt-nx.com/aU3V88/c1.php
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@18/0@6/4
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.186.174, 142.250.110.84, 142.250.184.206, 142.250.185.142, 142.250.186.110, 184.28.90.27, 172.202.163.200, 192.229.221.95, 40.69.42.241, 2.22.50.144, 2.22.50.131, 216.58.206.78, 172.217.18.14, 20.3.187.198, 142.250.181.227, 142.250.185.110, 13.107.246.45
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, redirector.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients.l.google.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: https://www.support.wt-nx.com/aU3V88/c1.php
          No simulations
          No context
          No created / dropped files found
          No static file info
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jan 13, 2025 01:40:06.279970884 CET | 192.168.2.6 | 1.1.1.1 | c1fd | (Port unreachable) | Destination Unreachable
Jan 13, 2025 01:40:07.767107010 CET | 192.168.2.6 | 1.1.1.1 | c244 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 13, 2025 01:40:01.640693903 CET | 192.168.2.6 | 1.1.1.1 | 0x5e7e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 13, 2025 01:40:01.640947104 CET | 192.168.2.6 | 1.1.1.1 | 0x332a | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jan 13, 2025 01:40:03.605573893 CET | 192.168.2.6 | 1.1.1.1 | 0x8e70 | Standard query (0) | www.support.wt-nx.com | A (IP address) | IN (0x0001) | false
Jan 13, 2025 01:40:03.606314898 CET | 192.168.2.6 | 1.1.1.1 | 0xf26e | Standard query (0) | www.support.wt-nx.com | 65 | IN (0x0001) | false
Jan 13, 2025 01:40:04.738828897 CET | 192.168.2.6 | 1.1.1.1 | 0xd017 | Standard query (0) | www.support.wt-nx.com | A (IP address) | IN (0x0001) | false
Jan 13, 2025 01:40:04.739200115 CET | 192.168.2.6 | 1.1.1.1 | 0x3050 | Standard query (0) | www.support.wt-nx.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 13, 2025 01:40:01.647356987 CET | 1.1.1.1 | 192.168.2.6 | 0x5e7e | No error (0) | www.google.com | | 216.58.206.68 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 01:40:01.647521973 CET | 1.1.1.1 | 192.168.2.6 | 0x332a | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Jan 13, 2025 01:40:05.723015070 CET | 1.1.1.1 | 192.168.2.6 | 0x8e70 | No error (0) | www.support.wt-nx.com | | 89.250.71.221 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 01:40:06.279902935 CET | 1.1.1.1 | 192.168.2.6 | 0xd017 | No error (0) | www.support.wt-nx.com | | 89.250.71.221 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 01:40:09.480468035 CET | 1.1.1.1 | 192.168.2.6 | 0x67b6 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 01:40:09.480468035 CET | 1.1.1.1 | 192.168.2.6 | 0x67b6 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 01:40:30.946053028 CET | 1.1.1.1 | 192.168.2.6 | 0x9bd3 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 01:40:30.946053028 CET | 1.1.1.1 | 192.168.2.6 | 0x9bd3 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Session ID 0: 192.168.2.6:49712 -> 40.113.110.67:443
2025-01-13 00:39:58 UTC, 71 bytes, OUT, Data Ascii:
  CNT 1 CON 305
  MS-CV: xLQw1uDnPkmf6+bz.1
  Context: e70a81f0864fa6c8
2025-01-13 00:39:58 UTC, 249 bytes, OUT, Data Ascii:
  <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-13 00:39:58 UTC, 1084 bytes, OUT, Data Ascii:
  ATH 2 CON\DEVICE 1061
  MS-CV: xLQw1uDnPkmf6+bz.2
  Context: e70a81f0864fa6c8
  <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVXRfN24y2+l3i6fHmKuuV59ORSPHm0XmOCxZNFQbxkIS4FRWwurT4777G0snWxPNqlSXiy91Aw/yCc3f92mbvLZ7Acy+JFURo0nqKlsZAWf2M
2025-01-13 00:39:58 UTC, 218 bytes, OUT, Data Ascii:
  BND 3 CON\WNS 0 197
  MS-CV: xLQw1uDnPkmf6+bz.3
  Context: e70a81f0864fa6c8
  <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-13 00:39:58 UTC, 14 bytes, IN, Data Ascii:
  202 1 CON 58
2025-01-13 00:39:58 UTC, 58 bytes, IN, Data Ascii:
  MS-CV: Rf6W5I/UCkWE5M6QWESRYA.0
  Payload parsing failed.


          Session ID: 1 | Source IP: 192.168.2.6 | Source Port: 49744 | Destination IP: 40.113.110.67 | Destination Port: 443
          Timestamp | Bytes transferred | Direction | Data
          2025-01-13 00:40:06 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: yh928d17+EOKmo6W.1Context: e6918a8468c971aa
          2025-01-13 00:40:06 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2025-01-13 00:40:06 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: yh928d17+EOKmo6W.2Context: e6918a8468c971aa<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVXRfN24y2+l3i6fHmKuuV59ORSPHm0XmOCxZNFQbxkIS4FRWwurT4777G0snWxPNqlSXiy91Aw/yCc3f92mbvLZ7Acy+JFURo0nqKlsZAWf2M
          2025-01-13 00:40:06 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: yh928d17+EOKmo6W.3Context: e6918a8468c971aa<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2025-01-13 00:40:07 UTC | 14 | IN | Data Ascii: 202 1 CON 58
          2025-01-13 00:40:07 UTC | 58 | IN | Data Ascii: MS-CV: Nh28q/bAs0Oms+sDs9hDOQ.0Payload parsing failed.


          Session ID: 2 | Source IP: 192.168.2.6 | Source Port: 49830 | Destination IP: 40.113.110.67 | Destination Port: 443
          Timestamp | Bytes transferred | Direction | Data
          2025-01-13 00:40:20 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: yJXcWrWaLkidOlNb.1Context: e9f7699249a6cc56
          2025-01-13 00:40:20 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2025-01-13 00:40:20 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: yJXcWrWaLkidOlNb.2Context: e9f7699249a6cc56<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVXRfN24y2+l3i6fHmKuuV59ORSPHm0XmOCxZNFQbxkIS4FRWwurT4777G0snWxPNqlSXiy91Aw/yCc3f92mbvLZ7Acy+JFURo0nqKlsZAWf2M
          2025-01-13 00:40:20 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: yJXcWrWaLkidOlNb.3Context: e9f7699249a6cc56<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2025-01-13 00:40:20 UTC | 14 | IN | Data Ascii: 202 1 CON 58
          2025-01-13 00:40:20 UTC | 58 | IN | Data Ascii: MS-CV: arX5d93ygEOgQaFndFm7Tg.0Payload parsing failed.


          Session ID: 3 | Source IP: 192.168.2.6 | Source Port: 49970 | Destination IP: 40.113.110.67 | Destination Port: 443
          Timestamp | Bytes transferred | Direction | Data
          2025-01-13 00:40:43 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: iZpSjOER9Uua1yBe.1Context: 328bd8fc38895b55
          2025-01-13 00:40:43 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2025-01-13 00:40:43 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: iZpSjOER9Uua1yBe.2Context: 328bd8fc38895b55<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVXRfN24y2+l3i6fHmKuuV59ORSPHm0XmOCxZNFQbxkIS4FRWwurT4777G0snWxPNqlSXiy91Aw/yCc3f92mbvLZ7Acy+JFURo0nqKlsZAWf2M
          2025-01-13 00:40:43 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: iZpSjOER9Uua1yBe.3Context: 328bd8fc38895b55<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2025-01-13 00:40:43 UTC | 14 | IN | Data Ascii: 202 1 CON 58
          2025-01-13 00:40:43 UTC | 58 | IN | Data Ascii: MS-CV: Kn+epH+/K0q4dGBwsIP7OQ.0Payload parsing failed.


          Target ID:2
          Start time:19:39:50
          Start date:12/01/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:4
          Start time:19:39:55
          Start date:12/01/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2528,i,15521519275326721574,13365411018387411890,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:5
          Start time:19:40:02
          Start date:12/01/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.support.wt-nx.com/aU3V88/c1.php"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          No disassembly