Windows Analysis Report
http://www.zurich.de/-/media/themes/zwp/base/corp/scriΡts/

Overview

General Information

Sample URL: http://www.zurich.de/-/media/themes/zwp/base/corp/scriΡts/
Analysis ID: 1522701

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Source: https://www.zurich.de//-/media/themes/zwp/base/corp/scripts/ HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49731 version: TLS 1.0
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.9:49728 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /-/media/themes/zwp/base/corp/scripts/ HTTP/1.1Host: www.zurich.deConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.zurich.de
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/htmlRequest-Context: appId=cid-v1:648c23c9-8430-4ce1-9311-ffb49c7ec1cbX-XSS-Protection: 1; mode=blockDate: Mon, 30 Sep 2024 13:38:18 GMTConnection: closeX-CDN: ImpervaTransfer-Encoding: chunkedX-Iinfo: 42-9732675-9732676 NNNN CT(83 167 0) RT(1727703497561 212) q(0 0 3 -1) r(4 4) U11
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlRequest-Context: appId=cid-v1:648c23c9-8430-4ce1-9311-ffb49c7ec1cbX-XSS-Protection: 1; mode=blockDate: Mon, 30 Sep 2024 13:38:22 GMTConnection: closeX-CDN: ImpervaTransfer-Encoding: chunkedX-Iinfo: 57-97219612-97219674 NNNY CT(88 168 0) RT(1727703501667 235) q(0 0 0 -1) r(0 0) U11
Source: classification engine Classification label: clean1.win@17/14@10/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2248,i,5009889775871027961,5541317834577740252,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.zurich.de/-/media/themes/zwp/base/corp/scripts/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk