Edit tour

Windows Analysis Report
http://d1lfch1kat8a9g.cloudfront.net

Overview

General Information

Sample URL:	http://d1lfch1kat8a9g.cloudfront.net
Analysis ID:	1430397
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6248 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1872,i,2813836013340844784,1361737100984135466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://d1lfch1kat8a9g.cloudfront.net" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49731 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49739 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49731 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: d1lfch1kat8a9g.cloudfront.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: d1lfch1kat8a9g.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d1lfch1kat8a9g.cloudfront.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: d1lfch1kat8a9g.cloudfront.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: d1lfch1kat8a9g.cloudfront.net

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900C4F3X-BM-CBT: 1696488253X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581DX-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900C4F3X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 516Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Tue, 23 Apr 2024 14:05:35 GMTContent-Type: text/xmlContent-Length: 146Connection: closeX-Cache: Error from cloudfrontVia: 1.1 7b7e50db6589e0f941d9a919773b8e8a.cloudfront.net (CloudFront)X-Amz-Cf-Pop: ATL56-C2X-Amz-Cf-Id: UIE07gwddxBKYCitj2PpgmEIsColcTePPulAZ-5fm6cHTcTjWM646w==Vary: Origin
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Tue, 23 Apr 2024 14:05:36 GMTContent-Type: text/xmlContent-Length: 146Connection: closeX-Cache: Error from cloudfrontVia: 1.1 1dc78b483a05802622534dc6e5ba6780.cloudfront.net (CloudFront)X-Amz-Cf-Pop: ATL56-C2X-Amz-Cf-Id: XoTsL_WwV2uKz3YX4KZebM6VgFsvZ_eHfjQ7kdXd9ruV6OtkFpnOHw==Vary: Origin

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49739 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/4@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1872,i,2813836013340844784,1361737100984135466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://d1lfch1kat8a9g.cloudfront.net"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1872,i,2813836013340844784,1361737100984135466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://d1lfch1kat8a9g.cloudfront.net	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	74.125.136.103	true	false		high
d1lfch1kat8a9g.cloudfront.net	54.230.139.92	true	false		high

Contacted URLs

Name	Malicious	Reputation
https://d1lfch1kat8a9g.cloudfront.net/favicon.ico	false	high
https://d1lfch1kat8a9g.cloudfront.net/	false	high
http://d1lfch1kat8a9g.cloudfront.net/	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
54.230.139.92	d1lfch1kat8a9g.cloudfront.net	United States	16509	AMAZON-02US	false
74.125.136.103	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430397
Start date and time:	2024-04-23 16:04:38 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://d1lfch1kat8a9g.cloudfront.net
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/4@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.215.94, 142.250.105.139, 142.250.105.100, 142.250.105.101, 142.250.105.138, 142.250.105.102, 142.250.105.113, 172.253.124.84, 34.104.35.123, 40.127.169.103, 13.85.23.206, 40.68.123.157, 23.207.202.19, 23.207.202.24, 23.207.202.6, 23.207.202.8, 23.207.202.12, 23.207.202.15, 23.207.202.18, 23.207.202.14, 23.207.202.16, 142.250.105.94
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://d1lfch1kat8a9g.cloudfront.net

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	146
Entropy (8bit):	4.840658488077
Encrypted:	false
SSDEEP:	3:vFWWMNHU8LdgCfIqZj+Rfc0jAbWWUTkKFOXckAmSb3FS9KgqLn:TMVBd/IqZjKXjLWae/oRjg6n
MD5:	40A481F43CA93BBBDD18621B439EA397
SHA1:	14D3E0410423ED5F02262322C8296F509DCF4661
SHA-256:	95769EB326E23B8CD1B7A9B82D884A713A9724F49B2794AC5B967D8CD706DE83
SHA-512:	19701AD4A5157A503BBEF4B2A654FD37830704CF6BCA1DBE58A6B7946D6ABAC490CD1747AD8332C297CD6A446655B1F01740F4FDC0D10194ACA7CB349B7E14BA
Malicious:	false
Reputation:	low
URL:	https://d1lfch1kat8a9g.cloudfront.net/favicon.ico
Preview:	<?xml version="1.0" encoding="UTF-8"?><Error><Code>MissingKey</Code><Message>Missing Key-Pair-Id query parameter or cookie value</Message></Error>

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	146
Entropy (8bit):	4.840658488077
Encrypted:	false
SSDEEP:	3:vFWWMNHU8LdgCfIqZj+Rfc0jAbWWUTkKFOXckAmSb3FS9KgqLn:TMVBd/IqZjKXjLWae/oRjg6n
MD5:	40A481F43CA93BBBDD18621B439EA397
SHA1:	14D3E0410423ED5F02262322C8296F509DCF4661
SHA-256:	95769EB326E23B8CD1B7A9B82D884A713A9724F49B2794AC5B967D8CD706DE83
SHA-512:	19701AD4A5157A503BBEF4B2A654FD37830704CF6BCA1DBE58A6B7946D6ABAC490CD1747AD8332C297CD6A446655B1F01740F4FDC0D10194ACA7CB349B7E14BA
Malicious:	false
Reputation:	low
URL:	https://d1lfch1kat8a9g.cloudfront.net/
Preview:	<?xml version="1.0" encoding="UTF-8"?><Error><Code>MissingKey</Code><Message>Missing Key-Pair-Id query parameter or cookie value</Message></Error>

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 16:05:24.759110928 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:24.759125948 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:25.055876017 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:33.299274921 CEST	49720	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:33.299330950 CEST	443	49720	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:33.299411058 CEST	49720	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:33.300143003 CEST	49720	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:33.300158978 CEST	443	49720	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:33.684711933 CEST	443	49720	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:33.684875965 CEST	49720	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:33.691656113 CEST	49720	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:33.691682100 CEST	443	49720	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:33.692132950 CEST	443	49720	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:33.695017099 CEST	49720	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:33.695082903 CEST	49720	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:33.695090055 CEST	443	49720	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:33.695235968 CEST	49720	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:33.736129999 CEST	443	49720	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:33.817158937 CEST	443	49720	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:33.817264080 CEST	443	49720	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:33.817378998 CEST	49720	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:33.817720890 CEST	49720	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:33.817737103 CEST	443	49720	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:34.369716883 CEST	49721	80	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.372170925 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:34.372172117 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:34.437985897 CEST	49722	80	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.474008083 CEST	80	49721	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:34.474081039 CEST	49721	80	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.474848032 CEST	49721	80	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.542422056 CEST	80	49722	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:34.542496920 CEST	49722	80	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.579138041 CEST	80	49721	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:34.579408884 CEST	80	49721	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:34.622967005 CEST	49721	80	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.663141012 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:34.734740973 CEST	49723	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.734797955 CEST	443	49723	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:34.734867096 CEST	49723	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.735827923 CEST	49723	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.735853910 CEST	443	49723	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:34.957621098 CEST	443	49723	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:34.958354950 CEST	49723	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.958389044 CEST	443	49723	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:34.960041046 CEST	443	49723	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:34.960119963 CEST	49723	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.973153114 CEST	49723	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.973263025 CEST	443	49723	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:34.974186897 CEST	49723	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:34.974217892 CEST	443	49723	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:35.024236917 CEST	49723	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:35.159487009 CEST	443	49723	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:35.159604073 CEST	443	49723	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:35.159971952 CEST	49723	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:35.160398006 CEST	49723	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:35.160432100 CEST	443	49723	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:35.868976116 CEST	49725	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:35.869026899 CEST	443	49725	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:35.869225979 CEST	49725	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:35.887713909 CEST	49725	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:35.887742043 CEST	443	49725	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:36.061623096 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:36.061748981 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:36.104202986 CEST	443	49725	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:36.121299982 CEST	49725	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:36.121335030 CEST	443	49725	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:36.121969938 CEST	443	49725	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:36.122597933 CEST	49725	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:36.122684002 CEST	443	49725	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:36.123101950 CEST	49725	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:36.164149046 CEST	443	49725	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:36.292671919 CEST	49726	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:05:36.292711973 CEST	443	49726	74.125.136.103	192.168.2.6
Apr 23, 2024 16:05:36.292800903 CEST	49726	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:05:36.293380976 CEST	49726	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:05:36.293394089 CEST	443	49726	74.125.136.103	192.168.2.6
Apr 23, 2024 16:05:36.312432051 CEST	443	49725	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:36.312515020 CEST	443	49725	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:36.312562943 CEST	49725	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:36.316777945 CEST	49725	443	192.168.2.6	54.230.139.92
Apr 23, 2024 16:05:36.316787004 CEST	443	49725	54.230.139.92	192.168.2.6
Apr 23, 2024 16:05:36.512017965 CEST	443	49726	74.125.136.103	192.168.2.6
Apr 23, 2024 16:05:36.512294054 CEST	49726	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:05:36.512311935 CEST	443	49726	74.125.136.103	192.168.2.6
Apr 23, 2024 16:05:36.513358116 CEST	443	49726	74.125.136.103	192.168.2.6
Apr 23, 2024 16:05:36.513430119 CEST	49726	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:05:36.516791105 CEST	49726	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:05:36.516865015 CEST	443	49726	74.125.136.103	192.168.2.6
Apr 23, 2024 16:05:36.569371939 CEST	49726	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:05:36.569390059 CEST	443	49726	74.125.136.103	192.168.2.6
Apr 23, 2024 16:05:36.616250992 CEST	49726	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:05:36.996783972 CEST	49727	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:36.996834040 CEST	443	49727	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:36.996908903 CEST	49727	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:36.998758078 CEST	49727	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:36.998774052 CEST	443	49727	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.247689009 CEST	443	49727	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.248486042 CEST	49727	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.256171942 CEST	49727	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.256200075 CEST	443	49727	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.256563902 CEST	443	49727	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.304202080 CEST	49727	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.351705074 CEST	49727	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.392118931 CEST	443	49727	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.469032049 CEST	443	49727	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.469208002 CEST	443	49727	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.470540047 CEST	49727	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.580910921 CEST	49727	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.580961943 CEST	443	49727	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.581000090 CEST	49727	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.581016064 CEST	443	49727	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.641967058 CEST	49728	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.642024040 CEST	443	49728	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.642098904 CEST	49728	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.642606020 CEST	49728	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.642623901 CEST	443	49728	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.891702890 CEST	443	49728	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.891813040 CEST	49728	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.894140959 CEST	49728	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.894151926 CEST	443	49728	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.894407988 CEST	443	49728	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:37.896430016 CEST	49728	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:37.940126896 CEST	443	49728	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:38.125221968 CEST	443	49728	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:38.125401974 CEST	443	49728	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:38.125469923 CEST	49728	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:38.149851084 CEST	49728	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:38.149851084 CEST	49728	443	192.168.2.6	23.221.242.90
Apr 23, 2024 16:05:38.149923086 CEST	443	49728	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:38.149933100 CEST	443	49728	23.221.242.90	192.168.2.6
Apr 23, 2024 16:05:40.316206932 CEST	49729	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:40.316248894 CEST	443	49729	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:40.316472054 CEST	49729	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:40.317361116 CEST	49729	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:40.317373991 CEST	443	49729	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:40.698463917 CEST	443	49729	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:40.698597908 CEST	49729	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:40.978920937 CEST	49729	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:40.978956938 CEST	443	49729	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:40.979463100 CEST	443	49729	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:40.988909960 CEST	49729	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:40.989025116 CEST	49729	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:40.989037991 CEST	443	49729	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:40.989211082 CEST	49729	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:41.032140017 CEST	443	49729	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:41.111128092 CEST	443	49729	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:41.111264944 CEST	443	49729	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:41.111346960 CEST	49729	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:41.111597061 CEST	49729	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:41.111633062 CEST	443	49729	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:46.509032965 CEST	443	49726	74.125.136.103	192.168.2.6
Apr 23, 2024 16:05:46.509120941 CEST	443	49726	74.125.136.103	192.168.2.6
Apr 23, 2024 16:05:46.509269953 CEST	49726	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:05:46.585073948 CEST	49726	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:05:46.585107088 CEST	443	49726	74.125.136.103	192.168.2.6
Apr 23, 2024 16:05:46.709856033 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:46.711139917 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:46.715827942 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:46.715858936 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:46.715925932 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:46.757397890 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:46.757426977 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:46.862201929 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:46.863445044 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:47.071146965 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:47.071235895 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:47.178675890 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:47.178709030 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:47.179090023 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:47.179277897 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:47.181822062 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:47.181858063 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:47.183532000 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:47.224117041 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:47.451406002 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:47.451498032 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:47.451972008 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:47.452020884 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:47.452217102 CEST	443	49731	173.222.162.64	192.168.2.6
Apr 23, 2024 16:05:47.452270031 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:47.452291012 CEST	49731	443	192.168.2.6	173.222.162.64
Apr 23, 2024 16:05:50.846390009 CEST	49732	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:50.846427917 CEST	443	49732	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:50.846504927 CEST	49732	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:50.847220898 CEST	49732	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:50.847234011 CEST	443	49732	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:51.219748020 CEST	443	49732	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:51.219820023 CEST	49732	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:51.221792936 CEST	49732	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:51.221798897 CEST	443	49732	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:51.222038031 CEST	443	49732	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:51.224140882 CEST	49732	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:51.224241972 CEST	49732	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:51.224247932 CEST	443	49732	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:51.224392891 CEST	49732	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:51.268137932 CEST	443	49732	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:51.346482038 CEST	443	49732	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:51.346689939 CEST	443	49732	52.159.127.243	192.168.2.6
Apr 23, 2024 16:05:51.346757889 CEST	49732	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:51.346934080 CEST	49732	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:05:51.346950054 CEST	443	49732	52.159.127.243	192.168.2.6
Apr 23, 2024 16:06:04.610506058 CEST	49733	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:06:04.610563993 CEST	443	49733	52.159.127.243	192.168.2.6
Apr 23, 2024 16:06:04.610877037 CEST	49733	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:06:04.611511946 CEST	49733	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:06:04.611526012 CEST	443	49733	52.159.127.243	192.168.2.6
Apr 23, 2024 16:06:04.647387028 CEST	80	49722	54.230.139.92	192.168.2.6
Apr 23, 2024 16:06:04.647454023 CEST	49722	80	192.168.2.6	54.230.139.92
Apr 23, 2024 16:06:04.983510971 CEST	443	49733	52.159.127.243	192.168.2.6
Apr 23, 2024 16:06:04.983583927 CEST	49733	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:06:04.985821962 CEST	49733	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:06:04.985831976 CEST	443	49733	52.159.127.243	192.168.2.6
Apr 23, 2024 16:06:04.986109972 CEST	443	49733	52.159.127.243	192.168.2.6
Apr 23, 2024 16:06:04.988203049 CEST	49733	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:06:04.988322020 CEST	49733	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:06:04.988326073 CEST	443	49733	52.159.127.243	192.168.2.6
Apr 23, 2024 16:06:04.988492966 CEST	49733	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:06:05.036118984 CEST	443	49733	52.159.127.243	192.168.2.6
Apr 23, 2024 16:06:05.110816002 CEST	443	49733	52.159.127.243	192.168.2.6
Apr 23, 2024 16:06:05.110902071 CEST	443	49733	52.159.127.243	192.168.2.6
Apr 23, 2024 16:06:05.111090899 CEST	49733	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:06:05.111246109 CEST	49733	443	192.168.2.6	52.159.127.243
Apr 23, 2024 16:06:05.111258984 CEST	443	49733	52.159.127.243	192.168.2.6
Apr 23, 2024 16:06:06.172842979 CEST	49722	80	192.168.2.6	54.230.139.92
Apr 23, 2024 16:06:06.277076006 CEST	80	49722	54.230.139.92	192.168.2.6
Apr 23, 2024 16:06:19.590950966 CEST	49721	80	192.168.2.6	54.230.139.92
Apr 23, 2024 16:06:19.695173025 CEST	80	49721	54.230.139.92	192.168.2.6
Apr 23, 2024 16:06:25.733937979 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:25.734000921 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:25.734106064 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:25.734982014 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:25.735013008 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:26.108299971 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:26.108390093 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:26.114300966 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:26.114312887 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:26.114577055 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:26.119541883 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:26.119858027 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:26.119864941 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:26.120338917 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:26.164159060 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:26.242130995 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:26.242217064 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:26.242304087 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:26.243036985 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:26.243077993 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:36.256386995 CEST	49738	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:06:36.256417990 CEST	443	49738	74.125.136.103	192.168.2.6
Apr 23, 2024 16:06:36.256573915 CEST	49738	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:06:36.256767988 CEST	49738	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:06:36.256784916 CEST	443	49738	74.125.136.103	192.168.2.6
Apr 23, 2024 16:06:36.475135088 CEST	443	49738	74.125.136.103	192.168.2.6
Apr 23, 2024 16:06:36.519753933 CEST	49738	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:06:36.519783974 CEST	443	49738	74.125.136.103	192.168.2.6
Apr 23, 2024 16:06:36.521223068 CEST	443	49738	74.125.136.103	192.168.2.6
Apr 23, 2024 16:06:36.521908998 CEST	49738	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:06:36.522097111 CEST	443	49738	74.125.136.103	192.168.2.6
Apr 23, 2024 16:06:36.570822954 CEST	49738	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:06:46.481995106 CEST	443	49738	74.125.136.103	192.168.2.6
Apr 23, 2024 16:06:46.482084990 CEST	443	49738	74.125.136.103	192.168.2.6
Apr 23, 2024 16:06:46.482129097 CEST	49738	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:06:48.119287014 CEST	49738	443	192.168.2.6	74.125.136.103
Apr 23, 2024 16:06:48.119321108 CEST	443	49738	74.125.136.103	192.168.2.6
Apr 23, 2024 16:06:55.173528910 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:55.173578024 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:55.173832893 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:55.174710035 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:55.174724102 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:55.546952009 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:55.547041893 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:55.549319029 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:55.549330950 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:55.551624060 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:55.553647995 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:55.553698063 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:55.553703070 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:55.553844929 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:55.596124887 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:55.676294088 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:55.676387072 CEST	443	49739	20.25.241.18	192.168.2.6
Apr 23, 2024 16:06:55.676448107 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:55.676687002 CEST	49739	443	192.168.2.6	20.25.241.18
Apr 23, 2024 16:06:55.676697969 CEST	443	49739	20.25.241.18	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 16:05:31.765044928 CEST	53	51623	1.1.1.1	192.168.2.6
Apr 23, 2024 16:05:31.950804949 CEST	53	65283	1.1.1.1	192.168.2.6
Apr 23, 2024 16:05:32.555248022 CEST	53	57317	1.1.1.1	192.168.2.6
Apr 23, 2024 16:05:34.259398937 CEST	57734	53	192.168.2.6	1.1.1.1
Apr 23, 2024 16:05:34.262432098 CEST	53095	53	192.168.2.6	1.1.1.1
Apr 23, 2024 16:05:34.364898920 CEST	53	57734	1.1.1.1	192.168.2.6
Apr 23, 2024 16:05:34.368470907 CEST	53	53095	1.1.1.1	192.168.2.6
Apr 23, 2024 16:05:34.605751038 CEST	59396	53	192.168.2.6	1.1.1.1
Apr 23, 2024 16:05:34.605894089 CEST	52454	53	192.168.2.6	1.1.1.1
Apr 23, 2024 16:05:34.711544991 CEST	53	52454	1.1.1.1	192.168.2.6
Apr 23, 2024 16:05:34.713277102 CEST	53	59396	1.1.1.1	192.168.2.6
Apr 23, 2024 16:05:36.185327053 CEST	52727	53	192.168.2.6	1.1.1.1
Apr 23, 2024 16:05:36.185733080 CEST	52705	53	192.168.2.6	1.1.1.1
Apr 23, 2024 16:05:36.290227890 CEST	53	52727	1.1.1.1	192.168.2.6
Apr 23, 2024 16:05:36.290596008 CEST	53	52705	1.1.1.1	192.168.2.6
Apr 23, 2024 16:05:49.824812889 CEST	53	49560	1.1.1.1	192.168.2.6
Apr 23, 2024 16:06:08.980554104 CEST	53	53013	1.1.1.1	192.168.2.6
Apr 23, 2024 16:06:31.745595932 CEST	53	60769	1.1.1.1	192.168.2.6
Apr 23, 2024 16:06:32.275032997 CEST	53	52975	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2024 16:05:34.259398937 CEST	192.168.2.6	1.1.1.1	0xb978	Standard query (0)	d1lfch1kat8a9g.cloudfront.net	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:34.262432098 CEST	192.168.2.6	1.1.1.1	0xcb2c	Standard query (0)	d1lfch1kat8a9g.cloudfront.net	65	IN (0x0001)	false
Apr 23, 2024 16:05:34.605751038 CEST	192.168.2.6	1.1.1.1	0x2530	Standard query (0)	d1lfch1kat8a9g.cloudfront.net	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:34.605894089 CEST	192.168.2.6	1.1.1.1	0x391a	Standard query (0)	d1lfch1kat8a9g.cloudfront.net	65	IN (0x0001)	false
Apr 23, 2024 16:05:36.185327053 CEST	192.168.2.6	1.1.1.1	0x46f3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:36.185733080 CEST	192.168.2.6	1.1.1.1	0x50cc	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 23, 2024 16:05:34.364898920 CEST	1.1.1.1	192.168.2.6	0xb978	No error (0)	d1lfch1kat8a9g.cloudfront.net	54.230.139.92	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:34.364898920 CEST	1.1.1.1	192.168.2.6	0xb978	No error (0)	d1lfch1kat8a9g.cloudfront.net	54.230.139.109	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:34.364898920 CEST	1.1.1.1	192.168.2.6	0xb978	No error (0)	d1lfch1kat8a9g.cloudfront.net	54.230.139.63	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:34.364898920 CEST	1.1.1.1	192.168.2.6	0xb978	No error (0)	d1lfch1kat8a9g.cloudfront.net	54.230.139.136	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:34.713277102 CEST	1.1.1.1	192.168.2.6	0x2530	No error (0)	d1lfch1kat8a9g.cloudfront.net	54.230.139.92	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:34.713277102 CEST	1.1.1.1	192.168.2.6	0x2530	No error (0)	d1lfch1kat8a9g.cloudfront.net	54.230.139.136	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:34.713277102 CEST	1.1.1.1	192.168.2.6	0x2530	No error (0)	d1lfch1kat8a9g.cloudfront.net	54.230.139.63	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:34.713277102 CEST	1.1.1.1	192.168.2.6	0x2530	No error (0)	d1lfch1kat8a9g.cloudfront.net	54.230.139.109	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:36.290227890 CEST	1.1.1.1	192.168.2.6	0x46f3	No error (0)	www.google.com	74.125.136.103	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:36.290227890 CEST	1.1.1.1	192.168.2.6	0x46f3	No error (0)	www.google.com	74.125.136.104	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:36.290227890 CEST	1.1.1.1	192.168.2.6	0x46f3	No error (0)	www.google.com	74.125.136.105	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:36.290227890 CEST	1.1.1.1	192.168.2.6	0x46f3	No error (0)	www.google.com	74.125.136.106	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:36.290227890 CEST	1.1.1.1	192.168.2.6	0x46f3	No error (0)	www.google.com	74.125.136.147	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:36.290227890 CEST	1.1.1.1	192.168.2.6	0x46f3	No error (0)	www.google.com	74.125.136.99	A (IP address)	IN (0x0001)	false
Apr 23, 2024 16:05:36.290596008 CEST	1.1.1.1	192.168.2.6	0x50cc	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

d1lfch1kat8a9g.cloudfront.net

https:

www.bing.com

fs.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49721	54.230.139.92	80	4368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 16:05:34.474848032 CEST	444	OUT	GET / HTTP/1.1 Host: d1lfch1kat8a9g.cloudfront.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Apr 23, 2024 16:05:34.579408884 CEST	593	IN	HTTP/1.1 301 Moved Permanently Server: CloudFront Date: Tue, 23 Apr 2024 14:05:34 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Location: https://d1lfch1kat8a9g.cloudfront.net/ X-Cache: Redirect from cloudfront Via: 1.1 73f444b3100b70188ac24e407d02e6e2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL56-C2 X-Amz-Cf-Id: vaV6YaZfqIbRKsFgp5iNnM7ieqR0pGUOyTVfmqqkKG8o1avzUAokcg== Vary: Origin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>
Apr 23, 2024 16:06:19.590950966 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49720	52.159.127.243	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 14:05:33 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 76 6d 42 73 59 78 41 4a 4a 45 6d 63 6b 6d 57 54 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 65 35 64 39 30 63 31 36 37 36 37 64 31 31 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: vmBsYxAJJEmckmWT.1Context: ee5d90c16767d11a
2024-04-23 14:05:33 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-23 14:05:33 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 76 6d 42 73 59 78 41 4a 4a 45 6d 63 6b 6d 57 54 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 65 35 64 39 30 63 31 36 37 36 37 64 31 31 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 6e 35 74 67 48 4f 64 72 4b 4d 6f 42 34 4d 68 57 38 6a 4a 6d 31 43 72 4b 75 31 65 4e 52 39 2f 37 2b 67 6f 6c 38 63 67 78 6b 71 39 32 77 6b 73 39 4e 51 4e 6c 61 2b 76 41 31 43 6f 52 52 69 31 36 64 66 54 46 2f 6e 73 4e 6a 35 38 47 64 77 6b 75 73 4e 70 4d 38 63 63 42 72 65 4e 46 48 34 31 51 76 53 66 62 43 67 37 61 42 6d 4b 65 Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: vmBsYxAJJEmckmWT.2Context: ee5d90c16767d11a<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYn5tgHOdrKMoB4MhW8jJm1CrKu1eNR9/7+gol8cgxkq92wks9NQNla+vA1CoRRi16dfTF/nsNj58GdwkusNpM8ccBreNFH41QvSfbCg7aBmKe
2024-04-23 14:05:33 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 76 6d 42 73 59 78 41 4a 4a 45 6d 63 6b 6d 57 54 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 65 35 64 39 30 63 31 36 37 36 37 64 31 31 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: vmBsYxAJJEmckmWT.3Context: ee5d90c16767d11a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-23 14:05:33 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-23 14:05:33 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 74 35 70 7a 76 49 46 71 39 45 57 75 34 69 41 61 31 4d 6b 6c 72 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: t5pzvIFq9EWu4iAa1Mklrg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49723	54.230.139.92	443	4368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 14:05:34 UTC	672	OUT	GET / HTTP/1.1 Host: d1lfch1kat8a9g.cloudfront.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 14:05:35 UTC	359	IN	HTTP/1.1 403 Forbidden Server: CloudFront Date: Tue, 23 Apr 2024 14:05:35 GMT Content-Type: text/xml Content-Length: 146 Connection: close X-Cache: Error from cloudfront Via: 1.1 7b7e50db6589e0f941d9a919773b8e8a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL56-C2 X-Amz-Cf-Id: UIE07gwddxBKYCitj2PpgmEIsColcTePPulAZ-5fm6cHTcTjWM646w== Vary: Origin
2024-04-23 14:05:35 UTC	146	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4d 69 73 73 69 6e 67 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 4d 69 73 73 69 6e 67 20 4b 65 79 2d 50 61 69 72 2d 49 64 20 71 75 65 72 79 20 70 61 72 61 6d 65 74 65 72 20 6f 72 20 63 6f 6f 6b 69 65 20 76 61 6c 75 65 3c 2f 4d 65 73 73 61 67 65 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>MissingKey</Code><Message>Missing Key-Pair-Id query parameter or cookie value</Message></Error>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49725	54.230.139.92	443	4368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 14:05:36 UTC	614	OUT	GET /favicon.ico HTTP/1.1 Host: d1lfch1kat8a9g.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://d1lfch1kat8a9g.cloudfront.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 14:05:36 UTC	359	IN	HTTP/1.1 403 Forbidden Server: CloudFront Date: Tue, 23 Apr 2024 14:05:36 GMT Content-Type: text/xml Content-Length: 146 Connection: close X-Cache: Error from cloudfront Via: 1.1 1dc78b483a05802622534dc6e5ba6780.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL56-C2 X-Amz-Cf-Id: XoTsL_WwV2uKz3YX4KZebM6VgFsvZ_eHfjQ7kdXd9ruV6OtkFpnOHw== Vary: Origin
2024-04-23 14:05:36 UTC	146	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4d 69 73 73 69 6e 67 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 4d 69 73 73 69 6e 67 20 4b 65 79 2d 50 61 69 72 2d 49 64 20 71 75 65 72 79 20 70 61 72 61 6d 65 74 65 72 20 6f 72 20 63 6f 6f 6b 69 65 20 76 61 6c 75 65 3c 2f 4d 65 73 73 61 67 65 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>MissingKey</Code><Message>Missing Key-Pair-Id query parameter or cookie value</Message></Error>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49727	23.221.242.90	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 14:05:37 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-23 14:05:37 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0790) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=43158 Date: Tue, 23 Apr 2024 14:05:37 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49728	23.221.242.90	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 14:05:37 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-23 14:05:38 UTC	773	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-CID: 7 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z Content-Type: application/octet-stream X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=43162 Date: Tue, 23 Apr 2024 14:05:38 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-23 14:05:38 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49729	52.159.127.243	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 14:05:40 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 78 4e 33 4c 35 74 71 5a 66 45 43 58 4f 58 75 45 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 30 33 37 32 38 35 30 38 37 62 32 33 64 66 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: xN3L5tqZfECXOXuE.1Context: d037285087b23df0
2024-04-23 14:05:40 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-23 14:05:40 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 78 4e 33 4c 35 74 71 5a 66 45 43 58 4f 58 75 45 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 30 33 37 32 38 35 30 38 37 62 32 33 64 66 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 6e 35 74 67 48 4f 64 72 4b 4d 6f 42 34 4d 68 57 38 6a 4a 6d 31 43 72 4b 75 31 65 4e 52 39 2f 37 2b 67 6f 6c 38 63 67 78 6b 71 39 32 77 6b 73 39 4e 51 4e 6c 61 2b 76 41 31 43 6f 52 52 69 31 36 64 66 54 46 2f 6e 73 4e 6a 35 38 47 64 77 6b 75 73 4e 70 4d 38 63 63 42 72 65 4e 46 48 34 31 51 76 53 66 62 43 67 37 61 42 6d 4b 65 Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: xN3L5tqZfECXOXuE.2Context: d037285087b23df0<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYn5tgHOdrKMoB4MhW8jJm1CrKu1eNR9/7+gol8cgxkq92wks9NQNla+vA1CoRRi16dfTF/nsNj58GdwkusNpM8ccBreNFH41QvSfbCg7aBmKe
2024-04-23 14:05:40 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 78 4e 33 4c 35 74 71 5a 66 45 43 58 4f 58 75 45 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 30 33 37 32 38 35 30 38 37 62 32 33 64 66 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: xN3L5tqZfECXOXuE.3Context: d037285087b23df0<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-23 14:05:41 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-23 14:05:41 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 77 43 31 64 4f 68 62 37 55 30 57 74 52 48 55 70 5a 56 63 2b 38 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: wC1dOhb7U0WtRHUpZVc+8g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49731	173.222.162.64	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 14:05:47 UTC	2256	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900C4F3 X-BM-CBT: 1696488253 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581D X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900C4F3 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 516 Connection: Keep-Alive Cache-Control: no-cache Cookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
2024-04-23 14:05:47 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-04-23 14:05:47 UTC	515	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 38 31 43 36 31 45 30 39 34 39 38 44 34 31 43 43 39 37 43 44 42 42 41 33 35 34 38 32 34 45 44 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 33 35 31 41 41 38 32 41 45 39 30 43 34 36 36 39 39 46 35 42 31 46 45 33 34 32 42 45 37 45 31 30 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>81C61E09498D41CC97CDBBA354824ED1</CID><Events><E><T>Event.ClientInst</T><IG>351AA82AE90C46699F5B1FE342BE7E10</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-04-23 14:05:47 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 721B64ED5798433E85772C476BE0FC04 Ref B: LAX311000110045 Ref C: 2024-04-23T14:05:47Z Date: Tue, 23 Apr 2024 14:05:47 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.40a6dc17.1713881147.14bbfe6c

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49732	52.159.127.243	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 14:05:51 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 72 59 72 71 47 44 74 34 4d 30 2b 35 78 56 46 30 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 62 31 35 63 30 32 66 65 32 31 62 61 62 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: rYrqGDt4M0+5xVF0.1Context: d2b15c02fe21babd
2024-04-23 14:05:51 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-23 14:05:51 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 72 59 72 71 47 44 74 34 4d 30 2b 35 78 56 46 30 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 62 31 35 63 30 32 66 65 32 31 62 61 62 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 6e 35 74 67 48 4f 64 72 4b 4d 6f 42 34 4d 68 57 38 6a 4a 6d 31 43 72 4b 75 31 65 4e 52 39 2f 37 2b 67 6f 6c 38 63 67 78 6b 71 39 32 77 6b 73 39 4e 51 4e 6c 61 2b 76 41 31 43 6f 52 52 69 31 36 64 66 54 46 2f 6e 73 4e 6a 35 38 47 64 77 6b 75 73 4e 70 4d 38 63 63 42 72 65 4e 46 48 34 31 51 76 53 66 62 43 67 37 61 42 6d 4b 65 Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: rYrqGDt4M0+5xVF0.2Context: d2b15c02fe21babd<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYn5tgHOdrKMoB4MhW8jJm1CrKu1eNR9/7+gol8cgxkq92wks9NQNla+vA1CoRRi16dfTF/nsNj58GdwkusNpM8ccBreNFH41QvSfbCg7aBmKe
2024-04-23 14:05:51 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 72 59 72 71 47 44 74 34 4d 30 2b 35 78 56 46 30 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 62 31 35 63 30 32 66 65 32 31 62 61 62 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: rYrqGDt4M0+5xVF0.3Context: d2b15c02fe21babd<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-23 14:05:51 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-23 14:05:51 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6d 77 62 67 62 67 37 2b 58 45 2b 70 50 34 53 78 43 61 62 32 62 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: mwbgbg7+XE+pP4SxCab2bg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49733	52.159.127.243	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 14:06:04 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6c 53 79 32 67 34 49 55 33 45 6d 50 6c 65 38 39 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 63 34 32 31 65 34 62 32 37 30 63 37 30 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: lSy2g4IU3EmPle89.1Context: 66c421e4b270c702
2024-04-23 14:06:04 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-23 14:06:04 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 6c 53 79 32 67 34 49 55 33 45 6d 50 6c 65 38 39 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 63 34 32 31 65 34 62 32 37 30 63 37 30 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 6e 35 74 67 48 4f 64 72 4b 4d 6f 42 34 4d 68 57 38 6a 4a 6d 31 43 72 4b 75 31 65 4e 52 39 2f 37 2b 67 6f 6c 38 63 67 78 6b 71 39 32 77 6b 73 39 4e 51 4e 6c 61 2b 76 41 31 43 6f 52 52 69 31 36 64 66 54 46 2f 6e 73 4e 6a 35 38 47 64 77 6b 75 73 4e 70 4d 38 63 63 42 72 65 4e 46 48 34 31 51 76 53 66 62 43 67 37 61 42 6d 4b 65 Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: lSy2g4IU3EmPle89.2Context: 66c421e4b270c702<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYn5tgHOdrKMoB4MhW8jJm1CrKu1eNR9/7+gol8cgxkq92wks9NQNla+vA1CoRRi16dfTF/nsNj58GdwkusNpM8ccBreNFH41QvSfbCg7aBmKe
2024-04-23 14:06:04 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6c 53 79 32 67 34 49 55 33 45 6d 50 6c 65 38 39 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 63 34 32 31 65 34 62 32 37 30 63 37 30 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: lSy2g4IU3EmPle89.3Context: 66c421e4b270c702<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-23 14:06:05 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-23 14:06:05 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 77 30 30 57 4b 33 56 78 58 45 4b 62 4f 68 79 78 2b 64 41 46 38 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: w00WK3VxXEKbOhyx+dAF8g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49736	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 14:06:26 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2f 43 30 68 76 71 6d 54 33 30 47 56 37 6d 49 59 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 61 37 62 31 36 65 38 65 39 61 66 65 30 31 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: /C0hvqmT30GV7mIY.1Context: aa7b16e8e9afe01b
2024-04-23 14:06:26 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-23 14:06:26 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 2f 43 30 68 76 71 6d 54 33 30 47 56 37 6d 49 59 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 61 37 62 31 36 65 38 65 39 61 66 65 30 31 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 6e 35 74 67 48 4f 64 72 4b 4d 6f 42 34 4d 68 57 38 6a 4a 6d 31 43 72 4b 75 31 65 4e 52 39 2f 37 2b 67 6f 6c 38 63 67 78 6b 71 39 32 77 6b 73 39 4e 51 4e 6c 61 2b 76 41 31 43 6f 52 52 69 31 36 64 66 54 46 2f 6e 73 4e 6a 35 38 47 64 77 6b 75 73 4e 70 4d 38 63 63 42 72 65 4e 46 48 34 31 51 76 53 66 62 43 67 37 61 42 6d 4b 65 Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: /C0hvqmT30GV7mIY.2Context: aa7b16e8e9afe01b<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYn5tgHOdrKMoB4MhW8jJm1CrKu1eNR9/7+gol8cgxkq92wks9NQNla+vA1CoRRi16dfTF/nsNj58GdwkusNpM8ccBreNFH41QvSfbCg7aBmKe
2024-04-23 14:06:26 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2f 43 30 68 76 71 6d 54 33 30 47 56 37 6d 49 59 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 61 37 62 31 36 65 38 65 39 61 66 65 30 31 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: /C0hvqmT30GV7mIY.3Context: aa7b16e8e9afe01b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-23 14:06:26 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-23 14:06:26 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 53 65 31 34 75 45 69 65 31 30 69 54 47 67 51 73 51 5a 6c 56 74 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Se14uEie10iTGgQsQZlVtQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49739	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 14:06:55 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2f 76 66 2f 54 78 31 2f 66 30 79 6a 70 62 47 72 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 36 64 64 31 37 61 36 66 32 32 62 34 30 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: /vf/Tx1/f0yjpbGr.1Context: 1f6dd17a6f22b40d
2024-04-23 14:06:55 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-23 14:06:55 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 2f 76 66 2f 54 78 31 2f 66 30 79 6a 70 62 47 72 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 36 64 64 31 37 61 36 66 32 32 62 34 30 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 6e 35 74 67 48 4f 64 72 4b 4d 6f 42 34 4d 68 57 38 6a 4a 6d 31 43 72 4b 75 31 65 4e 52 39 2f 37 2b 67 6f 6c 38 63 67 78 6b 71 39 32 77 6b 73 39 4e 51 4e 6c 61 2b 76 41 31 43 6f 52 52 69 31 36 64 66 54 46 2f 6e 73 4e 6a 35 38 47 64 77 6b 75 73 4e 70 4d 38 63 63 42 72 65 4e 46 48 34 31 51 76 53 66 62 43 67 37 61 42 6d 4b 65 Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: /vf/Tx1/f0yjpbGr.2Context: 1f6dd17a6f22b40d<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYn5tgHOdrKMoB4MhW8jJm1CrKu1eNR9/7+gol8cgxkq92wks9NQNla+vA1CoRRi16dfTF/nsNj58GdwkusNpM8ccBreNFH41QvSfbCg7aBmKe
2024-04-23 14:06:55 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2f 76 66 2f 54 78 31 2f 66 30 79 6a 70 62 47 72 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 36 64 64 31 37 61 36 66 32 32 62 34 30 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: /vf/Tx1/f0yjpbGr.3Context: 1f6dd17a6f22b40d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-23 14:06:55 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-23 14:06:55 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 53 75 33 7a 75 70 4d 43 46 45 71 4b 69 4d 69 34 36 7a 52 42 49 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Su3zupMCFEqKiMi46zRBIQ.0Payload parsing failed.

Target ID:	0
Start time:	16:05:25
Start date:	23/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	16:05:29
Start date:	23/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1872,i,2813836013340844784,1361737100984135466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	16:05:32
Start date:	23/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://d1lfch1kat8a9g.cloudfront.net"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://d1lfch1kat8a9g.cloudfront.net

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 39

Chrome Cache Entry: 40

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6248, Parent PID: 5888

General

Chronological Activities

Analysis Process: chrome.exePID: 4368, Parent PID: 6248

General

Chronological Activities

Analysis Process: chrome.exePID: 5040, Parent PID: 5888

General

Chronological Activities

Disassembly

Windows Analysis Report
http://d1lfch1kat8a9g.cloudfront.net