Edit tour

Windows Analysis Report
http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM

Overview

General Information

Sample URL:	http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7
Analysis ID:	1523726
Tags:	urlscan
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2300,i,17979060341038183232,2318402644242645953,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://london-heathrow.worlddutyfree.com/en/fod-discover-mms?utm_campaign=lhr_emotion_fod_mars&utm_medium=newsletter&utm_source=red?utm_source=newsletter&utm_medium=email&utm_campaign=RED_GL_LoyaltyLaunchSolus-NOCOM-ALL-01102024-1_XX&utm_term=d7105a5f-4617-ef11-9f89-000d3a22cea1

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49730 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49740 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49730 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM HTTP/1.1Host: t1.global.clubavolta.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: t1.global.clubavolta.com
Source: global traffic	DNS traffic detected: DNS query: london-heathrow.worlddutyfree.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: mediafiles.shopdutyfree.com

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900C4F3X-BM-CBT: 1696488253X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581DX-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900C4F3X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 516Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49740 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/3@10/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2300,i,17979060341038183232,2318402644242645953,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2300,i,17979060341038183232,2318402644242645953,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
dufry-mkt-prod1-yruh3-1226087420.eu-west-1.elb.amazonaws.com	34.242.239.123	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
t1.global.clubavolta.com	unknown	unknown	false	unknown
mediafiles.shopdutyfree.com	unknown	unknown	false	unknown
london-heathrow.worlddutyfree.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM	false		unknown
https://london-heathrow.worlddutyfree.com/en/fod-discover-mms?utm_campaign=lhr_emotion_fod_mars&utm_medium=newsletter&utm_source=red?utm_source=newsletter&utm_medium=email&utm_campaign=RED_GL_LoyaltyLaunchSolus-NOCOM-ALL-01102024-1_XX&utm_term=d7105a5f-4617-ef11-9f89-000d3a22cea1	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
34.242.239.123	dufry-mkt-prod1-yruh3-1226087420.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523726
Start date and time:	2024-10-02 00:27:40 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/3@10/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.23.99, 142.250.186.174, 64.233.166.84, 34.104.35.123, 2.18.64.6, 2.18.64.5, 2.18.64.8, 2.18.64.13, 13.85.23.86, 192.229.221.95, 199.232.214.172, 20.242.39.171, 93.184.221.240, 142.250.186.67, 199.232.210.172
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, e28876.dsca.akamaiedge.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, mag2mediafiles.edgekey.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, div6promainv2.edgekey.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, e40765.dsca.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://london-heathrow.worlddutyfree.com/en/fod-discover-mms?utm_campaign=lhr_emotion_fod_mars&utm_medium=newsletter&utm_source=red?utm_source=newsletter&utm_medium=email&utm_campaign=RED_GL_LoyaltyLaunchSolus-NOCOM-ALL-01102024-1_XX&utm_term=d7105a5f-46 Model: jbxai	{ "brand":["Dufry"], "contains_trigger_text":true, "trigger_text":"Dufry implements mechanisms to maintain a high level of service on our websites, which can include blocking of old web browsers that are misused by web spiders and scanners. We suggest upgrading your web browser to the most recent version of Chrome, Firefox, Safari or similar that is appropriate for your device.", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: https://london-heathrow.worlddutyfree.com/en/fod-discover-mms?utm_campaign=lhr_emotion_fod_mars&utm_medium=newsletter&utm_source=red?utm_source=newsletter&utm_medium=email&utm_campaign=RED_GL_LoyaltyLaunchSolus-NOCOM-ALL-01102024-1_XX&utm_term=d7105a5f-46 Model: jbxai

{
"brand":["Dufry"],
"contains_trigger_text":true,
"trigger_text":"Dufry implements mechanisms to maintain a high level of service on our websites,
 which can include blocking of old web browsers that are misused by web spiders and scanners. We suggest upgrading your web browser to the most recent version of Chrome,
 Firefox,
 Safari or similar that is appropriate for your device.",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 331 x 171, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1588
Entropy (8bit):	7.609533922640709
Encrypted:	false
SSDEEP:	24:7FEPWNGcAOTNQaPQ0/EbiXoUv+r59iu8JRtPTRxbTpANGF0hd2U+SV1tN9c:7FuT1cNQaPQOloU2r58bhPv3pAd+h
MD5:	28481AA9A3464E60A7CF696FFA7FB563
SHA1:	8D4FF18D37AE45CD96237C9DF0DB1A9410805F66
SHA-256:	A202878E1C69E2C46CA192F3BADC234A40D15A8CF9627BCF10582786687AB7A6
SHA-512:	1EACB4E3AB3AAE593259421F2CE350D59FC89BD40EF343D85441E270E9C8096DF4C551B58592BFB68D4F87CB9C4A1FAF319FD73A81AB541235C2160D2FDDFE7F
Malicious:	false
Reputation:	low
URL:	https://mediafiles.shopdutyfree.com/dufry-logo.png
Preview:	.PNG........IHDR...K..........ZN....3PLTE...................................................J.Q7....tRNS...@. 0...P`.p...(~....orNT..w.....IDATx....E.G...O{.u.....&..u..V.r.............................................\|/..@.....\.........\|.e>.2.p.:...~]v.q..o..H.C8o.f#...R@Rd2t..;...h.Z..j.D ...[.6=.p{).A]".c.^....O./mI....5..S.a.W......_p\|....t...6..I....}...Ar.W.......Mn....62-z..-.aY....G.\Z1...\|a..a_..Z...(.....Hz.N&.19wr..'...._.....i4.3:..~.....u>.n..X=r..'.o...W.....mR.r1...W}..f..C...g....tyg..Y.M.T>j[6oq.vi..5.<_Z....M....[..\6....9..z..az@..\.2..\...z...Hz....l6..,...G..x.%...Bk<.qy..z.h1...5u?F'#.c.\|r\|.qI.6+.:]ruP..........@.%D..-!.Gb-..w.....t3l.....gr..LU.K.".~z'..........%.rv..%.%...j..E.....w.g;;.]J...vI...y$......I....w.k...h..ZQ.Y.\".8....Gr.....{...........V`.....S.....M...........6...nS...5...5...A*..x.`........7..7=L.v<...:.j........]..Dw?j.^........,...;G..Z..wo.}]J.Rdl@...'...[.&t<?.=X^...Z.khNh....$.R..

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 331 x 171, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1588
Entropy (8bit):	7.609533922640709
Encrypted:	false
SSDEEP:	24:7FEPWNGcAOTNQaPQ0/EbiXoUv+r59iu8JRtPTRxbTpANGF0hd2U+SV1tN9c:7FuT1cNQaPQOloU2r58bhPv3pAd+h
MD5:	28481AA9A3464E60A7CF696FFA7FB563
SHA1:	8D4FF18D37AE45CD96237C9DF0DB1A9410805F66
SHA-256:	A202878E1C69E2C46CA192F3BADC234A40D15A8CF9627BCF10582786687AB7A6
SHA-512:	1EACB4E3AB3AAE593259421F2CE350D59FC89BD40EF343D85441E270E9C8096DF4C551B58592BFB68D4F87CB9C4A1FAF319FD73A81AB541235C2160D2FDDFE7F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...K..........ZN....3PLTE...................................................J.Q7....tRNS...@. 0...P`.p...(~....orNT..w.....IDATx....E.G...O{.u.....&..u..V.r.............................................\|/..@.....\.........\|.e>.2.p.:...~]v.q..o..H.C8o.f#...R@Rd2t..;...h.Z..j.D ...[.6=.p{).A]".c.^....O./mI....5..S.a.W......_p\|....t...6..I....}...Ar.W.......Mn....62-z..-.aY....G.\Z1...\|a..a_..Z...(.....Hz.N&.19wr..'...._.....i4.3:..~.....u>.n..X=r..'.o...W.....mR.r1...W}..f..C...g....tyg..Y.M.T>j[6oq.vi..5.<_Z....M....[..\6....9..z..az@..\.2..\...z...Hz....l6..,...G..x.%...Bk<.qy..z.h1...5u?F'#.c.\|r\|.qI.6+.:]ruP..........@.%D..-!.Gb-..w.....t3l.....gr..LU.K.".~z'..........%.rv..%.%...j..E.....w.g;;.]J...vI...y$......I....w.k...h..ZQ.Y.\".8....Gr.....{...........V`.....S.....M...........6...nS...5...5...A*..x.`........7..7=L.v<...:.j........]..Dw?j.^........,...;G..Z..wo.}]J.Rdl@...'...[.&t<?.=X^...Z.khNh....$.R..

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 00:28:32.080563068 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:32.080744982 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:32.408710957 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:38.077354908 CEST	49710	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:38.077403069 CEST	443	49710	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:38.077457905 CEST	49710	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:38.079112053 CEST	49710	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:38.079124928 CEST	443	49710	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:38.900490999 CEST	443	49710	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:38.900590897 CEST	49710	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:38.904073954 CEST	49710	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:38.904087067 CEST	443	49710	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:38.905942917 CEST	443	49710	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:38.930681944 CEST	49710	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:38.930736065 CEST	49710	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:38.930749893 CEST	443	49710	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:38.930888891 CEST	49710	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:38.975395918 CEST	443	49710	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:39.117939949 CEST	443	49710	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:39.118180037 CEST	443	49710	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:39.118226051 CEST	49710	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:39.118522882 CEST	49710	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:39.118541956 CEST	443	49710	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:41.703649044 CEST	49674	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:41.703649044 CEST	49673	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:41.743280888 CEST	49716	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:28:41.743844032 CEST	49717	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:28:41.748842955 CEST	80	49716	34.242.239.123	192.168.2.6
Oct 2, 2024 00:28:41.748861074 CEST	80	49717	34.242.239.123	192.168.2.6
Oct 2, 2024 00:28:41.748944998 CEST	49716	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:28:41.748991966 CEST	49717	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:28:41.749193907 CEST	49716	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:28:41.754198074 CEST	80	49716	34.242.239.123	192.168.2.6
Oct 2, 2024 00:28:42.016978025 CEST	49672	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:42.681924105 CEST	80	49716	34.242.239.123	192.168.2.6
Oct 2, 2024 00:28:42.682497025 CEST	80	49716	34.242.239.123	192.168.2.6
Oct 2, 2024 00:28:42.682574987 CEST	49716	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:28:43.585412979 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:28:43.585458994 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 00:28:43.585685015 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:28:43.586232901 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:28:43.586246967 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 00:28:44.545907021 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:44.545941114 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:44.546019077 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:44.551904917 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 00:28:44.553955078 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:28:44.553975105 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 00:28:44.555704117 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 00:28:44.555766106 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:28:44.565722942 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:44.565738916 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:44.629245996 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:28:44.629561901 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 00:28:44.683434010 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:28:44.683449984 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 00:28:44.726839066 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:28:44.894680977 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:44.894781113 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:45.412677050 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:45.412760019 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:45.599507093 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:45.599525928 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:45.600496054 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:45.643341064 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:45.691032887 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:45.735404968 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:45.886302948 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:45.886471987 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:45.886564016 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:45.886765957 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:45.886789083 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:45.886842966 CEST	49722	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:45.886854887 CEST	443	49722	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:45.930608034 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:45.930697918 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:45.930813074 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:45.931157112 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:45.931190968 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:46.632767916 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:46.632860899 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:46.636712074 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:46.636739016 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:46.637156963 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:46.638649940 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:46.679421902 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:46.915913105 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:46.915980101 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:46.916069031 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:46.917341948 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:46.917404890 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:46.917443037 CEST	49724	443	192.168.2.6	184.28.90.27
Oct 2, 2024 00:28:46.917459965 CEST	443	49724	184.28.90.27	192.168.2.6
Oct 2, 2024 00:28:49.666572094 CEST	49728	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:49.666620016 CEST	443	49728	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:49.666727066 CEST	49728	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:49.667387962 CEST	49728	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:49.667397976 CEST	443	49728	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:50.810755014 CEST	443	49728	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:50.810935020 CEST	49728	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:50.814385891 CEST	49728	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:50.814412117 CEST	443	49728	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:50.814642906 CEST	443	49728	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:50.816966057 CEST	49728	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:50.816966057 CEST	49728	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:50.816982031 CEST	443	49728	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:50.817130089 CEST	49728	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:50.859404087 CEST	443	49728	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:51.340257883 CEST	443	49728	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:51.340327978 CEST	443	49728	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:51.340396881 CEST	49728	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:51.340655088 CEST	49728	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:28:51.340676069 CEST	443	49728	40.115.3.253	192.168.2.6
Oct 2, 2024 00:28:52.830249071 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:52.830374002 CEST	49705	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:52.832746029 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:52.832787991 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:52.832869053 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:52.833276987 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:52.833292007 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:52.835366964 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:52.835792065 CEST	443	49705	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:53.426246881 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:53.426327944 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:54.136107922 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 00:28:54.136183977 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 00:28:54.136241913 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:28:54.720877886 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:54.720901012 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:54.721357107 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:54.721486092 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:54.725286007 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:54.725310087 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:54.725502014 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:54.767409086 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:55.029397011 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:55.029686928 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:55.029975891 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:55.030036926 CEST	443	49730	173.222.162.64	192.168.2.6
Oct 2, 2024 00:28:55.030047894 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:55.030095100 CEST	49730	443	192.168.2.6	173.222.162.64
Oct 2, 2024 00:28:55.770936966 CEST	49721	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:28:55.770979881 CEST	443	49721	142.250.185.132	192.168.2.6
Oct 2, 2024 00:29:03.150513887 CEST	49733	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:03.150568008 CEST	443	49733	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:03.150717974 CEST	49733	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:03.151613951 CEST	49733	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:03.151628017 CEST	443	49733	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:03.949673891 CEST	443	49733	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:03.949757099 CEST	49733	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:03.962023020 CEST	49733	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:03.962045908 CEST	443	49733	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:03.962321043 CEST	443	49733	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:03.968494892 CEST	49733	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:03.968565941 CEST	49733	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:03.968575001 CEST	443	49733	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:03.968683958 CEST	49733	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:04.011411905 CEST	443	49733	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:04.142333984 CEST	443	49733	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:04.142421961 CEST	443	49733	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:04.142482042 CEST	49733	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:04.142735958 CEST	49733	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:04.142759085 CEST	443	49733	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:20.373105049 CEST	49734	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:20.373172998 CEST	443	49734	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:20.373264074 CEST	49734	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:20.375014067 CEST	49734	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:20.375034094 CEST	443	49734	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:21.335552931 CEST	443	49734	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:21.335661888 CEST	49734	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:21.337969065 CEST	49734	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:21.337996960 CEST	443	49734	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:21.338263988 CEST	443	49734	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:21.339771032 CEST	49734	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:21.339833021 CEST	49734	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:21.339844942 CEST	443	49734	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:21.339937925 CEST	49734	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:21.383410931 CEST	443	49734	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:21.520046949 CEST	443	49734	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:21.520131111 CEST	443	49734	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:21.520406008 CEST	49734	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:21.520798922 CEST	49734	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:21.520818949 CEST	443	49734	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:26.755052090 CEST	49717	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:29:26.762593985 CEST	80	49717	34.242.239.123	192.168.2.6
Oct 2, 2024 00:29:27.689121962 CEST	49716	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:29:27.696135998 CEST	80	49716	34.242.239.123	192.168.2.6
Oct 2, 2024 00:29:39.525561094 CEST	49737	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:39.525618076 CEST	443	49737	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:39.525715113 CEST	49737	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:39.526463985 CEST	49737	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:39.526475906 CEST	443	49737	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:40.327486992 CEST	443	49737	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:40.327606916 CEST	49737	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:40.421564102 CEST	49737	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:40.421602011 CEST	443	49737	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:40.421989918 CEST	443	49737	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:40.448805094 CEST	49737	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:40.448992014 CEST	49737	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:40.449003935 CEST	443	49737	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:40.449379921 CEST	49737	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:40.491410017 CEST	443	49737	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:40.619504929 CEST	443	49737	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:40.619610071 CEST	443	49737	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:40.619683027 CEST	49737	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:40.620086908 CEST	49737	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:40.620106936 CEST	443	49737	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:41.768371105 CEST	49717	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:29:41.775264978 CEST	80	49717	34.242.239.123	192.168.2.6
Oct 2, 2024 00:29:41.775335073 CEST	49717	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:29:42.355423927 CEST	80	49716	34.242.239.123	192.168.2.6
Oct 2, 2024 00:29:42.355489969 CEST	49716	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:29:43.626787901 CEST	49716	80	192.168.2.6	34.242.239.123
Oct 2, 2024 00:29:43.627127886 CEST	49738	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:29:43.627197981 CEST	443	49738	142.250.185.132	192.168.2.6
Oct 2, 2024 00:29:43.627274990 CEST	49738	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:29:43.627645969 CEST	49738	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:29:43.627659082 CEST	443	49738	142.250.185.132	192.168.2.6
Oct 2, 2024 00:29:43.631675959 CEST	80	49716	34.242.239.123	192.168.2.6
Oct 2, 2024 00:29:44.264724016 CEST	443	49738	142.250.185.132	192.168.2.6
Oct 2, 2024 00:29:44.265320063 CEST	49738	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:29:44.265355110 CEST	443	49738	142.250.185.132	192.168.2.6
Oct 2, 2024 00:29:44.265687943 CEST	443	49738	142.250.185.132	192.168.2.6
Oct 2, 2024 00:29:44.266980886 CEST	49738	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:29:44.267045975 CEST	443	49738	142.250.185.132	192.168.2.6
Oct 2, 2024 00:29:44.312927008 CEST	49738	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:29:54.210438013 CEST	443	49738	142.250.185.132	192.168.2.6
Oct 2, 2024 00:29:54.210516930 CEST	443	49738	142.250.185.132	192.168.2.6
Oct 2, 2024 00:29:54.210572004 CEST	49738	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:29:55.772813082 CEST	49738	443	192.168.2.6	142.250.185.132
Oct 2, 2024 00:29:55.772840023 CEST	443	49738	142.250.185.132	192.168.2.6
Oct 2, 2024 00:29:59.478108883 CEST	49740	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:59.478203058 CEST	443	49740	40.115.3.253	192.168.2.6
Oct 2, 2024 00:29:59.478308916 CEST	49740	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:59.478920937 CEST	49740	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:29:59.478955030 CEST	443	49740	40.115.3.253	192.168.2.6
Oct 2, 2024 00:30:00.269833088 CEST	443	49740	40.115.3.253	192.168.2.6
Oct 2, 2024 00:30:00.270231962 CEST	49740	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:30:00.273861885 CEST	49740	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:30:00.273895979 CEST	443	49740	40.115.3.253	192.168.2.6
Oct 2, 2024 00:30:00.274163961 CEST	443	49740	40.115.3.253	192.168.2.6
Oct 2, 2024 00:30:00.276185989 CEST	49740	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:30:00.276185989 CEST	49740	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:30:00.276230097 CEST	443	49740	40.115.3.253	192.168.2.6
Oct 2, 2024 00:30:00.276397943 CEST	49740	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:30:00.323393106 CEST	443	49740	40.115.3.253	192.168.2.6
Oct 2, 2024 00:30:00.451251984 CEST	443	49740	40.115.3.253	192.168.2.6
Oct 2, 2024 00:30:00.451340914 CEST	443	49740	40.115.3.253	192.168.2.6
Oct 2, 2024 00:30:00.451967001 CEST	49740	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:30:00.452538013 CEST	49740	443	192.168.2.6	40.115.3.253
Oct 2, 2024 00:30:00.452578068 CEST	443	49740	40.115.3.253	192.168.2.6
Oct 2, 2024 00:30:00.452627897 CEST	49740	443	192.168.2.6	40.115.3.253

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 00:28:39.534265041 CEST	53	61121	1.1.1.1	192.168.2.6
Oct 2, 2024 00:28:39.550793886 CEST	53	57054	1.1.1.1	192.168.2.6
Oct 2, 2024 00:28:40.636218071 CEST	53	62622	1.1.1.1	192.168.2.6
Oct 2, 2024 00:28:41.411525965 CEST	53322	53	192.168.2.6	1.1.1.1
Oct 2, 2024 00:28:41.411660910 CEST	62802	53	192.168.2.6	1.1.1.1
Oct 2, 2024 00:28:41.729931116 CEST	53	53322	1.1.1.1	192.168.2.6
Oct 2, 2024 00:28:41.742376089 CEST	53	62802	1.1.1.1	192.168.2.6
Oct 2, 2024 00:28:43.175729036 CEST	60450	53	192.168.2.6	1.1.1.1
Oct 2, 2024 00:28:43.176532030 CEST	50750	53	192.168.2.6	1.1.1.1
Oct 2, 2024 00:28:43.573597908 CEST	60417	53	192.168.2.6	1.1.1.1
Oct 2, 2024 00:28:43.574218988 CEST	64410	53	192.168.2.6	1.1.1.1
Oct 2, 2024 00:28:43.582227945 CEST	53	60417	1.1.1.1	192.168.2.6
Oct 2, 2024 00:28:43.583832979 CEST	53	64410	1.1.1.1	192.168.2.6
Oct 2, 2024 00:28:44.742750883 CEST	49526	53	192.168.2.6	1.1.1.1
Oct 2, 2024 00:28:44.745995998 CEST	65159	53	192.168.2.6	1.1.1.1
Oct 2, 2024 00:28:46.109436035 CEST	55284	53	192.168.2.6	1.1.1.1
Oct 2, 2024 00:28:46.109627008 CEST	61306	53	192.168.2.6	1.1.1.1
Oct 2, 2024 00:28:57.697895050 CEST	53	58754	1.1.1.1	192.168.2.6
Oct 2, 2024 00:29:16.622272015 CEST	53	56420	1.1.1.1	192.168.2.6
Oct 2, 2024 00:29:39.051117897 CEST	53	57059	1.1.1.1	192.168.2.6
Oct 2, 2024 00:29:39.319643021 CEST	53	59891	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 2, 2024 00:28:41.411525965 CEST	192.168.2.6	1.1.1.1	0xee2e	Standard query (0)	t1.global.clubavolta.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:28:41.411660910 CEST	192.168.2.6	1.1.1.1	0xeb0a	Standard query (0)	t1.global.clubavolta.com	65	IN (0x0001)	false
Oct 2, 2024 00:28:43.175729036 CEST	192.168.2.6	1.1.1.1	0xfd3c	Standard query (0)	london-heathrow.worlddutyfree.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:28:43.176532030 CEST	192.168.2.6	1.1.1.1	0x3b2d	Standard query (0)	london-heathrow.worlddutyfree.com	65	IN (0x0001)	false
Oct 2, 2024 00:28:43.573597908 CEST	192.168.2.6	1.1.1.1	0xc760	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:28:43.574218988 CEST	192.168.2.6	1.1.1.1	0xee17	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 2, 2024 00:28:44.742750883 CEST	192.168.2.6	1.1.1.1	0x4520	Standard query (0)	mediafiles.shopdutyfree.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:28:44.745995998 CEST	192.168.2.6	1.1.1.1	0xdc9c	Standard query (0)	mediafiles.shopdutyfree.com	65	IN (0x0001)	false
Oct 2, 2024 00:28:46.109436035 CEST	192.168.2.6	1.1.1.1	0x8726	Standard query (0)	mediafiles.shopdutyfree.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:28:46.109627008 CEST	192.168.2.6	1.1.1.1	0x62d0	Standard query (0)	mediafiles.shopdutyfree.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 2, 2024 00:28:41.729931116 CEST	1.1.1.1	192.168.2.6	0xee2e	No error (0)	t1.global.clubavolta.com	dufry-mkt-prod1-yruh3-1226087420.eu-west-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 00:28:41.729931116 CEST	1.1.1.1	192.168.2.6	0xee2e	No error (0)	dufry-mkt-prod1-yruh3-1226087420.eu-west-1.elb.amazonaws.com		34.242.239.123	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:28:41.729931116 CEST	1.1.1.1	192.168.2.6	0xee2e	No error (0)	dufry-mkt-prod1-yruh3-1226087420.eu-west-1.elb.amazonaws.com		34.251.58.245	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:28:41.742376089 CEST	1.1.1.1	192.168.2.6	0xeb0a	No error (0)	t1.global.clubavolta.com	dufry-mkt-prod1-yruh3-1226087420.eu-west-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 00:28:43.202241898 CEST	1.1.1.1	192.168.2.6	0x3b2d	No error (0)	london-heathrow.worlddutyfree.com	div6promainv2.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 00:28:43.229101896 CEST	1.1.1.1	192.168.2.6	0xfd3c	No error (0)	london-heathrow.worlddutyfree.com	div6promainv2.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 00:28:43.582227945 CEST	1.1.1.1	192.168.2.6	0xc760	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:28:43.583832979 CEST	1.1.1.1	192.168.2.6	0xee17	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 2, 2024 00:28:44.757249117 CEST	1.1.1.1	192.168.2.6	0xdc9c	No error (0)	mediafiles.shopdutyfree.com	mag2mediafiles.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 00:28:44.788187981 CEST	1.1.1.1	192.168.2.6	0x4520	No error (0)	mediafiles.shopdutyfree.com	mag2mediafiles.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 00:28:46.129734039 CEST	1.1.1.1	192.168.2.6	0x62d0	No error (0)	mediafiles.shopdutyfree.com	mag2mediafiles.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 00:28:46.161675930 CEST	1.1.1.1	192.168.2.6	0x8726	No error (0)	mediafiles.shopdutyfree.com	mag2mediafiles.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 00:28:53.429112911 CEST	1.1.1.1	192.168.2.6	0x1f5c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 00:28:53.429112911 CEST	1.1.1.1	192.168.2.6	0x1f5c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:28:54.613107920 CEST	1.1.1.1	192.168.2.6	0xbcb	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:28:54.613107920 CEST	1.1.1.1	192.168.2.6	0xbcb	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:29:32.629550934 CEST	1.1.1.1	192.168.2.6	0x186	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:29:32.629550934 CEST	1.1.1.1	192.168.2.6	0x186	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:29:54.365209103 CEST	1.1.1.1	192.168.2.6	0xb1d1	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:29:54.365209103 CEST	1.1.1.1	192.168.2.6	0xb1d1	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

https:

www.bing.com

t1.global.clubavolta.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49716	34.242.239.123	80	712	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 00:28:41.749193907 CEST	644	OUT	GET /r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM HTTP/1.1 Host: t1.global.clubavolta.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 2, 2024 00:28:42.681924105 CEST	792	IN	HTTP/1.1 302 Found Date: Tue, 01 Oct 2024 22:28:42 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 17 Connection: keep-alive Server: Apache P3P: CP="CAO DSP COR CURa DEVa TAIa OUR BUS IND UNI COM NAV" Location: https://london-heathrow.worlddutyfree.com/en/fod-discover-mms?utm_campaign=lhr_emotion_fod_mars&utm_medium=newsletter&utm_source=red?utm_source=newsletter&utm_medium=email&utm_campaign=RED_GL_LoyaltyLaunchSolus-NOCOM-ALL-01102024-1_XX&utm_term=d7105a5f-4617-ef11-9f89-000d3a22cea1 Set-Cookie: AMCV_B72759175BC87D800A495D6D%40AdobeOrg=MCMID%7C10628495120594370550037884600713213943; Domain=clubavolta.com; Path=/; Expires=Wed, 02-Apr-2025 13:48:42 GMT Set-Cookie: nlid=53ebcb4b\|29506a5f; Domain=clubavolta.com; Path=/ X-Robots-Tag: noindex Data Raw: 54 65 6d 70 6f 72 61 72 69 6c 79 20 6d 6f 76 65 64 Data Ascii: Temporarily moved
Oct 2, 2024 00:28:42.682497025 CEST	792	IN	HTTP/1.1 302 Found Date: Tue, 01 Oct 2024 22:28:42 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 17 Connection: keep-alive Server: Apache P3P: CP="CAO DSP COR CURa DEVa TAIa OUR BUS IND UNI COM NAV" Location: https://london-heathrow.worlddutyfree.com/en/fod-discover-mms?utm_campaign=lhr_emotion_fod_mars&utm_medium=newsletter&utm_source=red?utm_source=newsletter&utm_medium=email&utm_campaign=RED_GL_LoyaltyLaunchSolus-NOCOM-ALL-01102024-1_XX&utm_term=d7105a5f-4617-ef11-9f89-000d3a22cea1 Set-Cookie: AMCV_B72759175BC87D800A495D6D%40AdobeOrg=MCMID%7C10628495120594370550037884600713213943; Domain=clubavolta.com; Path=/; Expires=Wed, 02-Apr-2025 13:48:42 GMT Set-Cookie: nlid=53ebcb4b\|29506a5f; Domain=clubavolta.com; Path=/ X-Robots-Tag: noindex Data Raw: 54 65 6d 70 6f 72 61 72 69 6c 79 20 6d 6f 76 65 64 Data Ascii: Temporarily moved
Oct 2, 2024 00:29:27.689121962 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49717	34.242.239.123	80	712	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 00:29:26.755052090 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49710	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:28:38 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6c 6e 41 53 47 5a 77 55 58 45 53 31 67 70 79 55 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 62 65 33 62 36 66 30 66 32 37 31 32 30 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: lnASGZwUXES1gpyU.1Context: f8be3b6f0f27120d
2024-10-01 22:28:38 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 22:28:38 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6c 6e 41 53 47 5a 77 55 58 45 53 31 67 70 79 55 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 62 65 33 62 36 66 30 66 32 37 31 32 30 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 46 70 63 38 34 47 6f 5a 78 67 48 33 43 38 46 36 53 59 32 4d 4d 4c 45 64 4f 54 32 4a 52 65 79 51 50 50 5a 38 31 41 76 4b 58 6b 61 2f 47 77 6c 63 4b 49 4b 58 56 32 5a 33 59 62 58 43 44 47 64 62 79 7a 43 74 72 74 4e 75 46 4a 46 52 71 4c 66 4b 55 32 43 46 6d 44 4a 6f 58 5a 62 79 45 62 56 42 59 5a 53 55 69 42 6a 33 78 4f 31 53 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: lnASGZwUXES1gpyU.2Context: f8be3b6f0f27120d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeFpc84GoZxgH3C8F6SY2MMLEdOT2JReyQPPZ81AvKXka/GwlcKIKXV2Z3YbXCDGdbyzCtrtNuFJFRqLfKU2CFmDJoXZbyEbVBYZSUiBj3xO1S
2024-10-01 22:28:38 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6c 6e 41 53 47 5a 77 55 58 45 53 31 67 70 79 55 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 62 65 33 62 36 66 30 66 32 37 31 32 30 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: lnASGZwUXES1gpyU.3Context: f8be3b6f0f27120d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 22:28:39 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-01 22:28:39 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4e 4f 35 56 42 48 4d 37 63 6b 4f 75 41 35 4c 37 36 65 6c 39 64 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: NO5VBHM7ckOuA5L76el9dQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49722	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:28:45 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 22:28:45 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=152225 Date: Tue, 01 Oct 2024 22:28:45 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49724	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:28:46 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 22:28:46 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=152168 Date: Tue, 01 Oct 2024 22:28:46 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-01 22:28:46 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49728	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:28:50 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 55 4a 67 58 64 4f 54 42 37 30 65 32 48 49 31 55 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 61 37 38 37 36 38 39 61 66 34 62 38 66 31 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: UJgXdOTB70e2HI1U.1Context: ba787689af4b8f12
2024-10-01 22:28:50 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 22:28:50 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 55 4a 67 58 64 4f 54 42 37 30 65 32 48 49 31 55 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 61 37 38 37 36 38 39 61 66 34 62 38 66 31 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 46 70 63 38 34 47 6f 5a 78 67 48 33 43 38 46 36 53 59 32 4d 4d 4c 45 64 4f 54 32 4a 52 65 79 51 50 50 5a 38 31 41 76 4b 58 6b 61 2f 47 77 6c 63 4b 49 4b 58 56 32 5a 33 59 62 58 43 44 47 64 62 79 7a 43 74 72 74 4e 75 46 4a 46 52 71 4c 66 4b 55 32 43 46 6d 44 4a 6f 58 5a 62 79 45 62 56 42 59 5a 53 55 69 42 6a 33 78 4f 31 53 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: UJgXdOTB70e2HI1U.2Context: ba787689af4b8f12<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeFpc84GoZxgH3C8F6SY2MMLEdOT2JReyQPPZ81AvKXka/GwlcKIKXV2Z3YbXCDGdbyzCtrtNuFJFRqLfKU2CFmDJoXZbyEbVBYZSUiBj3xO1S
2024-10-01 22:28:50 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 55 4a 67 58 64 4f 54 42 37 30 65 32 48 49 31 55 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 61 37 38 37 36 38 39 61 66 34 62 38 66 31 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: UJgXdOTB70e2HI1U.3Context: ba787689af4b8f12<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 22:28:51 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-01 22:28:51 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 78 67 70 73 61 33 49 2f 72 6b 36 70 2f 58 4c 54 49 6b 79 78 36 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: xgpsa3I/rk6p/XLTIkyx6Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49730	173.222.162.64	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:28:54 UTC	2256	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900C4F3 X-BM-CBT: 1696488253 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581D X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900C4F3 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 516 Connection: Keep-Alive Cache-Control: no-cache Cookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
2024-10-01 22:28:54 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-10-01 22:28:54 UTC	515	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 38 31 43 36 31 45 30 39 34 39 38 44 34 31 43 43 39 37 43 44 42 42 41 33 35 34 38 32 34 45 44 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 33 35 31 41 41 38 32 41 45 39 30 43 34 36 36 39 39 46 35 42 31 46 45 33 34 32 42 45 37 45 31 30 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>81C61E09498D41CC97CDBBA354824ED1</CID><Events><E><T>Event.ClientInst</T><IG>351AA82AE90C46699F5B1FE342BE7E10</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-10-01 22:28:55 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 9C057D6BBF0344A5B964C281C6216057 Ref B: LAX311000109031 Ref C: 2024-10-01T22:28:54Z Date: Tue, 01 Oct 2024 22:28:54 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.3ca6dc17.1727821734.24205898

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49733	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:29:03 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6d 59 65 50 6a 79 6e 33 67 6b 53 73 78 4a 4c 6f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 37 34 63 33 32 61 35 64 65 38 63 34 37 37 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: mYePjyn3gkSsxJLo.1Context: d74c32a5de8c477f
2024-10-01 22:29:03 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 22:29:03 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6d 59 65 50 6a 79 6e 33 67 6b 53 73 78 4a 4c 6f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 37 34 63 33 32 61 35 64 65 38 63 34 37 37 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 46 70 63 38 34 47 6f 5a 78 67 48 33 43 38 46 36 53 59 32 4d 4d 4c 45 64 4f 54 32 4a 52 65 79 51 50 50 5a 38 31 41 76 4b 58 6b 61 2f 47 77 6c 63 4b 49 4b 58 56 32 5a 33 59 62 58 43 44 47 64 62 79 7a 43 74 72 74 4e 75 46 4a 46 52 71 4c 66 4b 55 32 43 46 6d 44 4a 6f 58 5a 62 79 45 62 56 42 59 5a 53 55 69 42 6a 33 78 4f 31 53 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: mYePjyn3gkSsxJLo.2Context: d74c32a5de8c477f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeFpc84GoZxgH3C8F6SY2MMLEdOT2JReyQPPZ81AvKXka/GwlcKIKXV2Z3YbXCDGdbyzCtrtNuFJFRqLfKU2CFmDJoXZbyEbVBYZSUiBj3xO1S
2024-10-01 22:29:03 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6d 59 65 50 6a 79 6e 33 67 6b 53 73 78 4a 4c 6f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 37 34 63 33 32 61 35 64 65 38 63 34 37 37 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: mYePjyn3gkSsxJLo.3Context: d74c32a5de8c477f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 22:29:04 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-01 22:29:04 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4d 2f 78 64 56 47 6b 78 66 55 61 57 54 50 4d 38 56 4d 41 6d 56 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: M/xdVGkxfUaWTPM8VMAmVw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49734	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:29:21 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4e 4d 52 7a 4c 31 42 5a 2b 55 65 48 39 41 56 6c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 61 66 30 38 39 31 64 32 34 31 65 30 36 38 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: NMRzL1BZ+UeH9AVl.1Context: 7af0891d241e068c
2024-10-01 22:29:21 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 22:29:21 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4e 4d 52 7a 4c 31 42 5a 2b 55 65 48 39 41 56 6c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 61 66 30 38 39 31 64 32 34 31 65 30 36 38 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 46 70 63 38 34 47 6f 5a 78 67 48 33 43 38 46 36 53 59 32 4d 4d 4c 45 64 4f 54 32 4a 52 65 79 51 50 50 5a 38 31 41 76 4b 58 6b 61 2f 47 77 6c 63 4b 49 4b 58 56 32 5a 33 59 62 58 43 44 47 64 62 79 7a 43 74 72 74 4e 75 46 4a 46 52 71 4c 66 4b 55 32 43 46 6d 44 4a 6f 58 5a 62 79 45 62 56 42 59 5a 53 55 69 42 6a 33 78 4f 31 53 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: NMRzL1BZ+UeH9AVl.2Context: 7af0891d241e068c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeFpc84GoZxgH3C8F6SY2MMLEdOT2JReyQPPZ81AvKXka/GwlcKIKXV2Z3YbXCDGdbyzCtrtNuFJFRqLfKU2CFmDJoXZbyEbVBYZSUiBj3xO1S
2024-10-01 22:29:21 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4e 4d 52 7a 4c 31 42 5a 2b 55 65 48 39 41 56 6c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 61 66 30 38 39 31 64 32 34 31 65 30 36 38 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: NMRzL1BZ+UeH9AVl.3Context: 7af0891d241e068c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 22:29:21 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-01 22:29:21 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 43 65 49 68 77 43 44 55 35 30 71 48 4d 39 4a 50 4c 2f 53 71 4a 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: CeIhwCDU50qHM9JPL/SqJA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49737	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:29:40 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 76 6f 68 64 50 6a 62 57 30 45 43 58 68 53 6c 47 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 38 39 31 62 66 32 65 64 63 63 64 65 38 39 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: vohdPjbW0ECXhSlG.1Context: d891bf2edccde896
2024-10-01 22:29:40 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 22:29:40 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 76 6f 68 64 50 6a 62 57 30 45 43 58 68 53 6c 47 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 38 39 31 62 66 32 65 64 63 63 64 65 38 39 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 46 70 63 38 34 47 6f 5a 78 67 48 33 43 38 46 36 53 59 32 4d 4d 4c 45 64 4f 54 32 4a 52 65 79 51 50 50 5a 38 31 41 76 4b 58 6b 61 2f 47 77 6c 63 4b 49 4b 58 56 32 5a 33 59 62 58 43 44 47 64 62 79 7a 43 74 72 74 4e 75 46 4a 46 52 71 4c 66 4b 55 32 43 46 6d 44 4a 6f 58 5a 62 79 45 62 56 42 59 5a 53 55 69 42 6a 33 78 4f 31 53 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: vohdPjbW0ECXhSlG.2Context: d891bf2edccde896<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeFpc84GoZxgH3C8F6SY2MMLEdOT2JReyQPPZ81AvKXka/GwlcKIKXV2Z3YbXCDGdbyzCtrtNuFJFRqLfKU2CFmDJoXZbyEbVBYZSUiBj3xO1S
2024-10-01 22:29:40 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 76 6f 68 64 50 6a 62 57 30 45 43 58 68 53 6c 47 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 38 39 31 62 66 32 65 64 63 63 64 65 38 39 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: vohdPjbW0ECXhSlG.3Context: d891bf2edccde896<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 22:29:40 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-01 22:29:40 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 34 51 42 2f 47 68 71 50 79 55 69 30 36 54 4b 2f 70 6d 55 32 67 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 4QB/GhqPyUi06TK/pmU2gg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49740	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:30:00 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2b 37 50 6a 54 31 58 67 4f 6b 6d 49 66 48 56 4b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 37 61 36 64 65 66 39 39 39 37 31 33 36 32 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: +7PjT1XgOkmIfHVK.1Context: b7a6def999713627
2024-10-01 22:30:00 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 22:30:00 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 2b 37 50 6a 54 31 58 67 4f 6b 6d 49 66 48 56 4b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 37 61 36 64 65 66 39 39 39 37 31 33 36 32 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 46 70 63 38 34 47 6f 5a 78 67 48 33 43 38 46 36 53 59 32 4d 4d 4c 45 64 4f 54 32 4a 52 65 79 51 50 50 5a 38 31 41 76 4b 58 6b 61 2f 47 77 6c 63 4b 49 4b 58 56 32 5a 33 59 62 58 43 44 47 64 62 79 7a 43 74 72 74 4e 75 46 4a 46 52 71 4c 66 4b 55 32 43 46 6d 44 4a 6f 58 5a 62 79 45 62 56 42 59 5a 53 55 69 42 6a 33 78 4f 31 53 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: +7PjT1XgOkmIfHVK.2Context: b7a6def999713627<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeFpc84GoZxgH3C8F6SY2MMLEdOT2JReyQPPZ81AvKXka/GwlcKIKXV2Z3YbXCDGdbyzCtrtNuFJFRqLfKU2CFmDJoXZbyEbVBYZSUiBj3xO1S
2024-10-01 22:30:00 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2b 37 50 6a 54 31 58 67 4f 6b 6d 49 66 48 56 4b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 37 61 36 64 65 66 39 39 39 37 31 33 36 32 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: +7PjT1XgOkmIfHVK.3Context: b7a6def999713627<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 22:30:00 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-10-01 22:30:00 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 35 78 2b 32 79 77 46 69 72 30 71 66 4e 41 44 37 50 34 6d 71 33 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 5x+2ywFir0qfNAD7P4mq3g.0Payload parsing failed.

Target ID:	0
Start time:	18:28:33
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:28:37
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2300,i,17979060341038183232,2318402644242645953,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:28:40
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6200, Parent PID: 988

General

Chronological Activities

Analysis Process: chrome.exePID: 712, Parent PID: 6200

General

Chronological Activities

Analysis Process: chrome.exePID: 7164, Parent PID: 988

General

Chronological Activities

Disassembly

Windows Analysis Report
http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba42&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=UL5lq7ppKAS2OdQyUJwpwtyFXZuFNbm2B-aphPNByoM