
Windows Analysis Report
https://telegrams-ar.org/

Overview

General Information

Sample URL: https://telegrams-ar.org/
Analysis ID: 1591445
Errors:
  • URL not reachable

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious URL

Classification

  • System is w10x64
  • chrome.exe (PID: 5096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 6880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1992,i,13621680717735017303,14253435895257872113,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 3504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://telegrams-ar.org/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: https://telegrams-ar.org/ | Avira URL Cloud: detection malicious, Label: phishing

Phishing

Source: URL | Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://telegrams-ar.org
Source: URL | Joe Sandbox AI: AI detected Typosquatting in URL: https://telegrams-ar.org
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49827 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: telegrams-ar.org
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: classification engine | Classification label: mal52.win@20/0@17/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1992,i,13621680717735017303,14253435895257872113,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://telegrams-ar.org/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
ATT&CK matrix, one line per tactic (techniques with a hit count in parentheses are the ones matched in this analysis):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Browser Extensions (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Process Injection (1); Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

URL scanner results

Source                     Detection  Scanner          Label
https://telegrams-ar.org/  100%       Avira URL Cloud  phishing

No Antivirus matches

Domains

Name              IP               Active   Malicious  Antivirus Detection  Reputation
google.com        142.250.186.110  true     false      -                    high
www.google.com    142.250.186.100  true     false      -                    high
telegrams-ar.org  unknown          unknown  true       -                    unknown

IPs

IP               Domain          Country        ASN      ASN Name  Malicious
239.255.255.250  unknown         Reserved       unknown  unknown   false
142.250.186.100  www.google.com  United States  15169    GOOGLEUS  false

Private IP
192.168.2.6

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1591445
Start date and time: 2025-01-15 00:48:35 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 1m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://telegrams-ar.org/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.win@20/0@17/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.185.142, 64.233.167.84, 142.250.186.46, 142.250.186.142, 142.250.185.206, 2.23.77.188, 199.232.210.172, 142.250.184.206, 172.217.23.110, 2.23.242.162, 13.107.246.45, 4.175.87.197
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, redirector.gvt1.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed; the report is missing behavior information
  • VT rate limit hit for: https://telegrams-ar.org/
No simulations
No context
No created / dropped files found
No static file info

DNS queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 15, 2025 00:49:32.340415001 CET | 192.168.2.6 | 1.1.1.1 | 0x94a6 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:32.340415001 CET | 192.168.2.6 | 1.1.1.1 | 0x89d | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jan 15, 2025 00:49:34.306510925 CET | 192.168.2.6 | 1.1.1.1 | 0x19c1 | Standard query (0) | telegrams-ar.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:34.306947947 CET | 192.168.2.6 | 1.1.1.1 | 0x30f7 | Standard query (0) | telegrams-ar.org | 65 | IN (0x0001) | false
Jan 15, 2025 00:49:34.831579924 CET | 192.168.2.6 | 1.1.1.1 | 0xa7de | Standard query (0) | telegrams-ar.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:34.864732981 CET | 192.168.2.6 | 8.8.8.8 | 0x8265 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:34.864945889 CET | 192.168.2.6 | 1.1.1.1 | 0x4c72 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:35.938375950 CET | 192.168.2.6 | 1.1.1.1 | 0x27f0 | Standard query (0) | telegrams-ar.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:35.938664913 CET | 192.168.2.6 | 1.1.1.1 | 0x2ca | Standard query (0) | telegrams-ar.org | 65 | IN (0x0001) | false
Jan 15, 2025 00:49:41.483397007 CET | 192.168.2.6 | 1.1.1.1 | 0xfb52 | Standard query (0) | telegrams-ar.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:41.483558893 CET | 192.168.2.6 | 1.1.1.1 | 0x18bb | Standard query (0) | telegrams-ar.org | 65 | IN (0x0001) | false
Jan 15, 2025 00:49:42.009440899 CET | 192.168.2.6 | 1.1.1.1 | 0x8b74 | Standard query (0) | telegrams-ar.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:48.880312920 CET | 192.168.2.6 | 1.1.1.1 | 0x7acd | Standard query (0) | telegrams-ar.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:48.880595922 CET | 192.168.2.6 | 1.1.1.1 | 0x83cd | Standard query (0) | telegrams-ar.org | 65 | IN (0x0001) | false
Jan 15, 2025 00:49:49.405484915 CET | 192.168.2.6 | 1.1.1.1 | 0x2935 | Standard query (0) | telegrams-ar.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:49.451067924 CET | 192.168.2.6 | 1.1.1.1 | 0x2b31 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:49.451411009 CET | 192.168.2.6 | 8.8.8.8 | 0xf174 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false

DNS answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 15, 2025 00:49:32.349283934 CET | 1.1.1.1 | 192.168.2.6 | 0x94a6 | No error (0) | www.google.com | - | 142.250.186.100 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:32.350812912 CET | 1.1.1.1 | 192.168.2.6 | 0x89d | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
Jan 15, 2025 00:49:34.321183920 CET | 1.1.1.1 | 192.168.2.6 | 0x30f7 | Name error (3) | telegrams-ar.org | none | none | 65 | IN (0x0001) | false
Jan 15, 2025 00:49:34.830841064 CET | 1.1.1.1 | 192.168.2.6 | 0x19c1 | Name error (3) | telegrams-ar.org | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:34.838769913 CET | 1.1.1.1 | 192.168.2.6 | 0xa7de | Name error (3) | telegrams-ar.org | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:34.871856928 CET | 1.1.1.1 | 192.168.2.6 | 0x4c72 | No error (0) | google.com | - | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:34.873608112 CET | 8.8.8.8 | 192.168.2.6 | 0x8265 | No error (0) | google.com | - | 142.250.75.238 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:36.464773893 CET | 1.1.1.1 | 192.168.2.6 | 0x27f0 | Name error (3) | telegrams-ar.org | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:36.464886904 CET | 1.1.1.1 | 192.168.2.6 | 0x2ca | Name error (3) | telegrams-ar.org | none | none | 65 | IN (0x0001) | false
Jan 15, 2025 00:49:41.600303888 CET | 1.1.1.1 | 192.168.2.6 | 0x18bb | Name error (3) | telegrams-ar.org | none | none | 65 | IN (0x0001) | false
Jan 15, 2025 00:49:42.008322954 CET | 1.1.1.1 | 192.168.2.6 | 0xfb52 | Name error (3) | telegrams-ar.org | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:42.016637087 CET | 1.1.1.1 | 192.168.2.6 | 0x8b74 | Name error (3) | telegrams-ar.org | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:49.398783922 CET | 1.1.1.1 | 192.168.2.6 | 0x83cd | Name error (3) | telegrams-ar.org | none | none | 65 | IN (0x0001) | false
Jan 15, 2025 00:49:49.404905081 CET | 1.1.1.1 | 192.168.2.6 | 0x7acd | Name error (3) | telegrams-ar.org | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:49.436490059 CET | 1.1.1.1 | 192.168.2.6 | 0x2935 | Name error (3) | telegrams-ar.org | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:49.459081888 CET | 1.1.1.1 | 192.168.2.6 | 0x2b31 | No error (0) | google.com | - | 142.250.186.142 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 00:49:49.459994078 CET | 8.8.8.8 | 192.168.2.6 | 0xf174 | No error (0) | google.com | - | 142.250.75.238 | A (IP address) | IN (0x0001) | false
        Session IDSource IPSource PortDestination IPDestination Port
        0192.168.2.64971540.113.110.67443
        TimestampBytes transferredDirectionData
        2025-01-14 23:49:30 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 38 6d 62 57 2f 58 43 31 41 55 43 63 4d 2b 6f 55 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 61 65 38 31 35 31 32 35 32 63 36 32 32 65 61 0d 0a 0d 0a
        Data Ascii: CNT 1 CON 305MS-CV: 8mbW/XC1AUCcM+oU.1Context: cae8151252c622ea
        2025-01-14 23:49:30 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
        2025-01-14 23:49:30 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 38 6d 62 57 2f 58 43 31 41 55 43 63 4d 2b 6f 55 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 61 65 38 31 35 31 32 35 32 63 36 32 32 65 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 43 56 32 64 4f 64 6e 6d 32 6d 77 49 31 5a 37 4a 54 34 53 7a 69 7a 4a 42 42 6c 62 65 33 4f 2f 2b 49 6b 45 56 70 7a 59 7a 54 34 46 30 4e 50 74 33 4c 70 61 71 56 41 65 61 54 30 73 59 6d 66 6f 42 50 7a 65 6c 79 32 76 69 73 41 68 7a 32 41 62 75 61 35 68 54 38 50 79 57 2f 4c 42 54 39 61 2b 49 5a 35 4b 50 58 44 77 75 38 6e 59 53
        Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 8mbW/XC1AUCcM+oU.2Context: cae8151252c622ea<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXCV2dOdnm2mwI1Z7JT4SzizJBBlbe3O/+IkEVpzYzT4F0NPt3LpaqVAeaT0sYmfoBPzely2visAhz2Abua5hT8PyW/LBT9a+IZ5KPXDwu8nYS
        2025-01-14 23:49:30 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 38 6d 62 57 2f 58 43 31 41 55 43 63 4d 2b 6f 55 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 61 65 38 31 35 31 32 35 32 63 36 32 32 65 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
        Data Ascii: BND 3 CON\WNS 0 197MS-CV: 8mbW/XC1AUCcM+oU.3Context: cae8151252c622ea<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
        2025-01-14 23:49:30 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
        Data Ascii: 202 1 CON 58
        2025-01-14 23:49:30 UTC58INData Raw: 4d 53 2d 43 56 3a 20 56 38 4c 66 33 6b 2f 75 32 55 79 42 77 70 37 69 2b 63 74 58 51 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
        Data Ascii: MS-CV: V8Lf3k/u2UyBwp7i+ctXQA.0Payload parsing failed.


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        1 | 192.168.2.6 | 49744 | 40.113.110.67 | 443
        Timestamp | Bytes transferred | Direction | Data
        2025-01-14 23:49:38 UTC | 71 | OUT | Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4f 4d 77 2b 61 4f 75 62 45 55 47 51 6b 6c 59 71 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 33 32 34 36 39 63 66 63 33 61 30 30 31 32 0d 0a 0d 0a
        Data Ascii: CNT 1 CON 305MS-CV: OMw+aOubEUGQklYq.1Context: 9c32469cfc3a0012
        2025-01-14 23:49:38 UTC | 249 | OUT | Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
        2025-01-14 23:49:38 UTC | 1084 | OUT | Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4f 4d 77 2b 61 4f 75 62 45 55 47 51 6b 6c 59 71 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 33 32 34 36 39 63 66 63 33 61 30 30 31 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 43 56 32 64 4f 64 6e 6d 32 6d 77 49 31 5a 37 4a 54 34 53 7a 69 7a 4a 42 42 6c 62 65 33 4f 2f 2b 49 6b 45 56 70 7a 59 7a 54 34 46 30 4e 50 74 33 4c 70 61 71 56 41 65 61 54 30 73 59 6d 66 6f 42 50 7a 65 6c 79 32 76 69 73 41 68 7a 32 41 62 75 61 35 68 54 38 50 79 57 2f 4c 42 54 39 61 2b 49 5a 35 4b 50 58 44 77 75 38 6e 59 53
        Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: OMw+aOubEUGQklYq.2Context: 9c32469cfc3a0012<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXCV2dOdnm2mwI1Z7JT4SzizJBBlbe3O/+IkEVpzYzT4F0NPt3LpaqVAeaT0sYmfoBPzely2visAhz2Abua5hT8PyW/LBT9a+IZ5KPXDwu8nYS
        2025-01-14 23:49:38 UTC | 218 | OUT | Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4f 4d 77 2b 61 4f 75 62 45 55 47 51 6b 6c 59 71 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 33 32 34 36 39 63 66 63 33 61 30 30 31 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
        Data Ascii: BND 3 CON\WNS 0 197MS-CV: OMw+aOubEUGQklYq.3Context: 9c32469cfc3a0012<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
        2025-01-14 23:49:38 UTC | 14 | IN | Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
        Data Ascii: 202 1 CON 58
        2025-01-14 23:49:38 UTC | 58 | IN | Data Raw: 4d 53 2d 43 56 3a 20 79 4b 51 37 38 69 7a 33 56 55 71 77 77 6a 57 44 76 59 6d 73 35 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
        Data Ascii: MS-CV: yKQ78iz3VUqwwjWDvYms5g.0Payload parsing failed.


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        2 | 192.168.2.6 | 49827 | 40.113.110.67 | 443
        Timestamp | Bytes transferred | Direction | Data
        2025-01-14 23:49:50 UTC | 71 | OUT | Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 35 4a 6a 73 67 50 77 41 59 45 4f 6e 41 41 79 4b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 34 38 66 37 39 34 64 36 38 31 31 65 66 65 0d 0a 0d 0a
        Data Ascii: CNT 1 CON 305MS-CV: 5JjsgPwAYEOnAAyK.1Context: b248f794d6811efe
        2025-01-14 23:49:50 UTC | 249 | OUT | Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
        2025-01-14 23:49:50 UTC | 1084 | OUT | Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 35 4a 6a 73 67 50 77 41 59 45 4f 6e 41 41 79 4b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 34 38 66 37 39 34 64 36 38 31 31 65 66 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 43 56 32 64 4f 64 6e 6d 32 6d 77 49 31 5a 37 4a 54 34 53 7a 69 7a 4a 42 42 6c 62 65 33 4f 2f 2b 49 6b 45 56 70 7a 59 7a 54 34 46 30 4e 50 74 33 4c 70 61 71 56 41 65 61 54 30 73 59 6d 66 6f 42 50 7a 65 6c 79 32 76 69 73 41 68 7a 32 41 62 75 61 35 68 54 38 50 79 57 2f 4c 42 54 39 61 2b 49 5a 35 4b 50 58 44 77 75 38 6e 59 53
        Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 5JjsgPwAYEOnAAyK.2Context: b248f794d6811efe<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXCV2dOdnm2mwI1Z7JT4SzizJBBlbe3O/+IkEVpzYzT4F0NPt3LpaqVAeaT0sYmfoBPzely2visAhz2Abua5hT8PyW/LBT9a+IZ5KPXDwu8nYS
        2025-01-14 23:49:50 UTC | 218 | OUT | Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 35 4a 6a 73 67 50 77 41 59 45 4f 6e 41 41 79 4b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 34 38 66 37 39 34 64 36 38 31 31 65 66 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
        Data Ascii: BND 3 CON\WNS 0 197MS-CV: 5JjsgPwAYEOnAAyK.3Context: b248f794d6811efe<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
        2025-01-14 23:49:50 UTC | 14 | IN | Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
        Data Ascii: 202 1 CON 58
        2025-01-14 23:49:50 UTC | 58 | IN | Data Raw: 4d 53 2d 43 56 3a 20 44 79 53 46 51 30 46 73 45 45 6d 32 61 76 32 66 6a 79 4e 79 76 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
        Data Ascii: MS-CV: DySFQ0FsEEm2av2fjyNyvw.0Payload parsing failed.
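        The three sessions to 40.113.110.67:443 above are not traffic to the submitted URL, which the report marks as unreachable: the bodies identify the Windows push-notification client (`<client><name>WPN</name>`, `<wns>`), the sandbox VM announces itself as `<deviceName>VMware20,1</deviceName>`, and the server turns each attempt away with `202 1 CON 58` followed by `Payload parsing failed.`. Reading the Data Raw column by eye is error-prone because the report's Data Ascii rendering drops the CR/LF bytes that separate the first line, the headers and the body. The decoder below is an added example and not part of the Joe Sandbox report or its tooling. The frame layout it implements is inferred from the frames on this page rather than from a published specification: a first line `VERB SEQ CHANNEL [FLAG] LENGTH`, then `Header: value` lines, a blank line and a body, where LENGTH counts every byte after the first line (the 71-byte `CNT 1 CON 305` frame is a 15-byte first line plus 56 bytes of headers, and 56 plus the 249-byte `<connect>` body is 305; the 218-byte BND frame is a 21-byte first line plus 197). The sample stream is transcribed from session 1 (source port 49744): the CNT header frame is pasted from its Data Raw row, the rest is taken from the Data Ascii rows with the CR/LF endings restored, and the ATH frame is left out because the report truncates its dump. The decoder checks every frame's declared length against the bytes actually captured so that such a truncated frame is flagged instead of being silently misread.

```python
"""Decoder for the push-notification framing captured in the sessions above.

Added example. The frame layout (first line, headers, blank line, body, with the
trailing LENGTH token counting every byte after the first line) is inferred from
the frames in this report, not taken from a published specification.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Frame:
    verb: str          # client: CNT / ATH / BND; server: three-digit status such as 202
    seq: str           # second token, a sequence number
    channel: str       # CON, CON\DEVICE or CON\WNS
    flags: list        # extra tokens between channel and length (BND carries a "0")
    declared_len: int  # bytes the sender says follow the first line
    headers: dict      # "MS-CV", "Context", ...
    body: bytes        # everything after the first blank line
    complete: bool     # False when the capture holds fewer bytes than declared_len


def hex_dump_to_bytes(dump: str) -> bytes:
    """Turn a report 'Data Raw' column ('43 4e 54 ...') back into bytes."""
    return bytes.fromhex(dump)


def parse_frames(stream: bytes) -> list[Frame]:
    """Split one direction of a captured byte stream into frames."""
    frames: list[Frame] = []
    pos = 0
    while pos < len(stream):
        eol = stream.find(b"\r\n", pos)
        if eol < 0:
            break                                   # no complete first line left
        tokens = stream[pos:eol].decode("ascii").split(" ")
        if len(tokens) < 4:
            break                                   # not a frame header
        verb, seq, channel, *flags, length = tokens
        declared = int(length)
        start = eol + 2
        payload = stream[start:start + declared]    # headers + blank line + body
        head, sep, body = payload.partition(b"\r\n\r\n")
        headers = {}
        for line in head.split(b"\r\n"):
            name, colon, value = line.decode("ascii", "replace").partition(": ")
            if colon:
                headers[name] = value
        frames.append(Frame(verb, seq, channel, flags, declared, headers,
                            body if sep else b"", len(payload) == declared))
        pos = start + declared
    return frames


def describe(frames: list[Frame]) -> list[str]:
    """One summary line per frame, in the order sent; truncation is called out."""
    out = []
    for f in frames:
        state = "complete" if f.complete else f"TRUNCATED ({len(f.body)} body bytes captured)"
        out.append(f"{f.verb} seq={f.seq} channel={f.channel} len={f.declared_len} "
                   f"MS-CV={f.headers.get('MS-CV', '?')} {state}: {f.body[:40]!r}")
    return out


# Transcribed from session 1 (192.168.2.6:49744 -> 40.113.110.67:443) in the report.
# The CNT frame is pasted from its Data Raw row; the rest come from the Data Ascii
# rows with CR/LF restored. The ATH frame is omitted (the report truncates its dump).
CNT_FRAME_HEX = ("43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4f 4d 77 "
                 "2b 61 4f 75 62 45 55 47 51 6b 6c 59 71 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a "
                 "20 39 63 33 32 34 36 39 63 66 63 33 61 30 30 31 32 0d 0a 0d 0a")
CONNECT_BODY = (b"<connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer>"
                b"<proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac>"
                b"<deviceType>1</deviceType><deviceName>VMware20,1</deviceName>"
                b"<followRetry>true</followRetry></agent></connect>")
BND_FRAME = (b"BND 3 CON\\WNS 0 197\r\nMS-CV: OMw+aOubEUGQklYq.3\r\nContext: 9c32469cfc3a0012\r\n\r\n"
             b"<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client>"
             b"<options><pwrmode mode=\"0\"></pwrmode></options><lastMsgId>0</lastMsgId></wns>")
CLIENT_STREAM = hex_dump_to_bytes(CNT_FRAME_HEX) + CONNECT_BODY + BND_FRAME
SERVER_STREAM = (hex_dump_to_bytes("32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a")
                 + b"MS-CV: yKQ78iz3VUqwwjWDvYms5g.0\r\n\r\nPayload parsing failed.")


if __name__ == "__main__":
    for line in describe(parse_frames(CLIENT_STREAM)) + describe(parse_frames(SERVER_STREAM)):
        print(line)
    # A capture cut off mid-frame, like the ATH row in the report, is reported as truncated.
    for line in describe(parse_frames(CLIENT_STREAM[:120])):
        print(line)
```

The same `parse_frames` call works on sessions 0 and 2 once their Data Raw rows are pasted into `hex_dump_to_bytes`; the only values that change between the three sessions are the MS-CV and Context headers, which is itself a useful observation when deciding whether background traffic from the analysis VM belongs in an indicator list.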


        Target ID:1
        Start time:18:49:23
        Start date:14/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x7ff684c40000
        File size:3'242'272 bytes
        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:3
        Start time:18:49:26
        Start date:14/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1992,i,13621680717735017303,14253435895257872113,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Imagebase:0x7ff684c40000
        File size:3'242'272 bytes
        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:4
        Start time:18:49:33
        Start date:14/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://telegrams-ar.org/"
        Imagebase:0x7ff684c40000
        File size:3'242'272 bytes
        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        No disassembly