Play interactive tourEdit tour

Windows Analysis Report
https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-

Overview

General Information

Sample URL:	https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea
Analysis ID:	1541500
Infos:

Detection

Phisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Phisher

Creates files inside the system directory

Deletes files inside the Windows folder

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Usage Of Web Request Commands And Cmdlets

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Very long command line found

Classification

×

System Summary

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lh

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_131, type: DROPPED

Detected hidden input values containing email addresses (often used in phishing pages)

Source: https://www.inparsolucoes.com.br/images/pbcmc.php

HTTP Parser: aesparza@wcepinc.com

HTML page contains hidden javascript code

Source: file:///C:/Users/user/Desktop/download/FaxDocument-873422-Wcepinc-Transmission.html

HTTP Parser: Base64 decoded: needlessness{display:inline-block;position:relative;width:80px;height:80px}.needlessness div{animation:1.2s cubic-bezier(.5,0,.5,1) infinite needlessness;transform-origin:40px 40px}.needlessness div:after{content:" ";display:block;position:absolute;width:...

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Source: https://www.inparsolucoes.com.br/images/pbcmc.php?6104797967704b53693230746450795538757953387153537771536b7a507a307655533837503155744a3166637a4e416f6f30776341waxwork

HTTP Parser: var academy= document.createelement("script");academy.setattribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");document.head.append(academy);academy.onload=function(){var {a,b,c,d} = json.parse(atob("eyjhijoiyuxsuhkwvfpfegpqelhxdwzvnitkajnzwedpossybklyagtem29vz1divkc0qtirvgp4cnzpzdvvanvbbxpmqnq3c2h2ymhdrus4agpmstbkn0xyenpjvm1xoudqyuzhbg1ka3fbq3bcu3dxz1jiajbiwetizghmoepkanzua3rgegrjvhjjudjnr2nlrve2qnvnr2rzuva1bkxza0h1ueu2ognwwlmwcfr3r3rhrlj6k3u4oejvwtzkz24yzhvyoejicvbytlfbum8zau1jzw94zlb2wlwvnlrjrlpknwzvdfzjdu4xwlzzr3o0dkdonzdrtfhhrg9cqtnzalcxu045t3nbmur4mhbmslniwk82yulumwztahy5tvfqm1pvvei0qmpkneiybkhqaedavwvzd0pobjjrtlrbaffod3vlc3h3slc1mfnscwrrvdizmlqzzxvnyzfqz0ltv2dydlczqtjwmja5sgl1b1lhwthozg10wwtydfwvqxhqrjbqzgvpnhhnzhpvazdybvwvq2v1zgqwzdczejk5vddxue50mjnmb0jevunim2zxnvnod1datdk4eutzchjck2ncl3zqrld5unbiynfruunvzkm1ee9srwi1qufltk1ouetqevl3ahkyck9hennlee1ybkxccmx1c2dqalzoukfxbeo4oxvdcjzcu3d2t0ljcxhnmnlrbjq4zwlvnm1sowhss0p3ovbitglzq1jcl1nmn0r1azu5wjjhovjzzdn1n21cl2q...

HTML page is missing a favicon

Source: file:///C:/Users/user/Desktop/download/FaxDocument-873422-Wcepinc-Transmission.html	HTTP Parser: No favicon
Source: https://www.inparsolucoes.com.br/images/pbcmc.php	HTTP Parser: No favicon
Source: https://doctortarragona.com.de/N12Pv/#8aesparza@wcepinc.com	HTTP Parser: No favicon
Source: https://doctortarragona.com.de/N12Pv/#8aesparza@wcepinc.com	HTTP Parser: No favicon

Compliance

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.10.199:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.242.39.171:443 -> 192.168.2.6:57019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:57027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:57063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:57081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53014 version: TLS 1.2

Software Vulnerabilities

Allocates a big amount of memory (probably used for heap spraying)

Source: chrome.exe

Memory has grown: Private usage: 8MB later: 34MB

Networking

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.6:52967 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:57011 -> 162.159.36.2:53

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename*%3DUTF-8''FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: phisher-parts-production-us-east-1.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/pbcmc.php?6104797967704b53693230746450795538757953387153537771536b7a507a307655533837503155744a3166637a4e416f6f30776341waxwork HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/pbcmc.php?6104797967704b53693230746450795538757953387153537771536b7a507a307655533837503155744a3166637a4e416f6f30776341waxwork HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.inparsolucoes.com.br/images/pbcmc.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /N12Pv/ HTTP/1.1Host: doctortarragona.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.inparsolucoes.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=H2D+HCngALeUZfR&MD=mAexEuHX HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e1a56f38220d/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: doctortarragona.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doctortarragona.com.de/N12Pv/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0mfnhep7j7q3smgp3fqq79762i
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://doctortarragona.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7cae957e10e556&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d7cae957e10e556&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/377496615:1729797319:ogjAsRMl1tpa_qoXXy9ZpyxOEyCgxnLQP9t8yxWRQ2E/8d7cae957e10e556/3NXPHSK0Y7qWTCnOHHR9z4lle9M2EwsxrP43E54KFLk-1729801378-1.1.1.1-fV7WEagQ3F1BWhD80g9IFQSDrItgEGii0MvgAEfYiOlPT1jhcPwY0dkb2j0_W16b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8d7cae957e10e556/1729801381091/5088b09fb68d7929013e558d26e9151ba07e6f6cddf0acb0b360434e05b546e1/sI7JTmcAKDMen4Z HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=H2D+HCngALeUZfR&MD=mAexEuHX HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7cae957e10e556/1729801381093/UOIh-UQBb-h8ajQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/n38o4/0x4AAAAAAAxr5TbTd3MTHi9f/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8d7cae957e10e556/1729801381093/UOIh-UQBb-h8ajQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=H2D+HCngALeUZfR&MD=mAexEuHX HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/377496615:1729797319:ogjAsRMl1tpa_qoXXy9ZpyxOEyCgxnLQP9t8yxWRQ2E/8d7cae957e10e556/3NXPHSK0Y7qWTCnOHHR9z4lle9M2EwsxrP43E54KFLk-1729801378-1.1.1.1-fV7WEagQ3F1BWhD80g9IFQSDrItgEGii0MvgAEfYiOlPT1jhcPwY0dkb2j0_W16b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: phisher-parts-production-us-east-1.s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: www.inparsolucoes.com.br
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: doctortarragona.com.de
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /images/pbcmc.php HTTP/1.1Host: www.inparsolucoes.com.brConnection: keep-aliveContent-Length: 133Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: nullContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:22:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wvEtUyYxSivMVrevutONgVlYhu5wNc6W6evPdsMm33dITLuho46VAZ76YqJcPsSMy2nuxYfT8Vwhr9M8G48P8uEh4XGycsGrYWiK7EntW6yqWjHfJCOpY6XcFn8%2Bm5UmMHwA3WBfCjrd"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7cae5309fb3593-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1237&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2859&recv_bytes=1230&delivery_rate=2287519&cwnd=251&unsent_bytes=0&cid=5b7b49141bd201b4&ts=3689&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:23:02 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: osYjQfhIgzd4TIj/7CvFyLuNFWIGJk8wquc=$fBCa6PnfCa1OuduDServer: cloudflareCF-RAY: 8d7caeb27a6ee98b-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 20:23:06 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: /8YLp9Ii6HWxnkp0q6cvSOusm216ShxPKE4=$/eI14JoTHgCzvngZServer: cloudflareCF-RAY: 8d7caec87abd4666-DFWalt-svc: h3=":443"; ma=86400

URLs found in memory or binary data

Source: sets.json.4.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.4.dr	String found in binary or memory: https://24.hu
Source: sets.json.4.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.4.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.4.dr	String found in binary or memory: https://alice.tw
Source: sets.json.4.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.4.dr	String found in binary or memory: https://autobild.de
Source: sets.json.4.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.4.dr	String found in binary or memory: https://bild.de
Source: sets.json.4.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.4.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.4.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.4.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.4.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.4.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.4.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.4.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.4.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.4.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.4.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.4.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.4.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.4.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.4.dr	String found in binary or memory: https://cardsayings.net
Source: chromecache_136.6.dr, chromecache_124.6.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Source: sets.json.4.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.4.dr	String found in binary or memory: https://chennien.com
Source: sets.json.4.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.4.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.4.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.4.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.4.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.4.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.4.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.4.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.4.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.4.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.4.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.4.dr	String found in binary or memory: https://css-load.com
Source: sets.json.4.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.4.dr	String found in binary or memory: https://deere.com
Source: sets.json.4.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.4.dr	String found in binary or memory: https://dewarmsteweek.be
Source: chromecache_131.6.dr	String found in binary or memory: https://doctortarragona.com.de/N12Pv/#8aesparza
Source: sets.json.4.dr	String found in binary or memory: https://drimer.io
Source: sets.json.4.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.4.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.4.dr	String found in binary or memory: https://een.be
Source: sets.json.4.dr	String found in binary or memory: https://efront.com
Source: sets.json.4.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.4.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.4.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.4.dr	String found in binary or memory: https://ella.sv
Source: sets.json.4.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.4.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.4.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.4.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.4.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.4.dr	String found in binary or memory: https://finn.no
Source: sets.json.4.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.4.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.4.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.4.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.4.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.4.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://grid.id
Source: sets.json.4.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.4.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.4.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.4.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.4.dr	String found in binary or memory: https://hapara.com
Source: sets.json.4.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.4.dr	String found in binary or memory: https://hc1.com
Source: sets.json.4.dr	String found in binary or memory: https://hc1.global
Source: sets.json.4.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.4.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.4.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.4.dr	String found in binary or memory: https://hearty.app
Source: sets.json.4.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.4.dr	String found in binary or memory: https://hearty.me
Source: sets.json.4.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.4.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.4.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.4.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.4.dr	String found in binary or memory: https://hj.rs
Source: sets.json.4.dr	String found in binary or memory: https://hjck.com
Source: sets.json.4.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.4.dr	String found in binary or memory: https://html-load.com
Source: sets.json.4.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.4.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.4.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.4.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.4.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.4.dr	String found in binary or memory: https://img-load.com
Source: sets.json.4.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.4.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.4.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.4.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.4.dr	String found in binary or memory: https://interia.pl
Source: sets.json.4.dr	String found in binary or memory: https://intoday.in
Source: sets.json.4.dr	String found in binary or memory: https://iolam.it
Source: sets.json.4.dr	String found in binary or memory: https://ishares.com
Source: sets.json.4.dr	String found in binary or memory: https://jagran.com
Source: sets.json.4.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.4.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.4.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.4.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.4.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.4.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.4.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.4.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.4.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.4.dr	String found in binary or memory: https://kompas.com
Source: sets.json.4.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.4.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.4.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.4.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.4.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.4.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.4.dr	String found in binary or memory: https://libero.it
Source: sets.json.4.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.4.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.4.dr	String found in binary or memory: https://livechat.com
Source: sets.json.4.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.4.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.4.dr	String found in binary or memory: https://livemint.com
Source: sets.json.4.dr	String found in binary or memory: https://max.auto
Source: sets.json.4.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.4.dr	String found in binary or memory: https://meo.pt
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.4.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.4.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.4.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.4.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.4.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.4.dr	String found in binary or memory: https://money.pl
Source: sets.json.4.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.4.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.4.dr	String found in binary or memory: https://nacion.com
Source: sets.json.4.dr	String found in binary or memory: https://naukri.com
Source: sets.json.4.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.4.dr	String found in binary or memory: https://nien.co
Source: sets.json.4.dr	String found in binary or memory: https://nien.com
Source: sets.json.4.dr	String found in binary or memory: https://nien.org
Source: sets.json.4.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.4.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.4.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.4.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.4.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.4.dr	String found in binary or memory: https://o2.pl
Source: sets.json.4.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.4.dr	String found in binary or memory: https://onet.pl
Source: sets.json.4.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.4.dr	String found in binary or memory: https://p106.net
Source: sets.json.4.dr	String found in binary or memory: https://p24.hu
Source: sets.json.4.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.4.dr	String found in binary or memory: https://pdmp-apis.no
Source: wget.exe, 00000002.00000002.2182035360.0000000000B70000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.dr	String found in binary or memory: https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/202
Source: sets.json.4.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.4.dr	String found in binary or memory: https://player.pl
Source: sets.json.4.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.4.dr	String found in binary or memory: https://poalim.site
Source: sets.json.4.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.4.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.4.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.4.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.4.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.4.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.4.dr	String found in binary or memory: https://radio1.be
Source: sets.json.4.dr	String found in binary or memory: https://radio2.be
Source: sets.json.4.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.4.dr	String found in binary or memory: https://repid.org
Source: sets.json.4.dr	String found in binary or memory: https://reshim.org
Source: sets.json.4.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.4.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.4.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.4.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.4.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.4.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.4.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.4.dr	String found in binary or memory: https://samayam.com
Source: sets.json.4.dr	String found in binary or memory: https://sapo.io
Source: sets.json.4.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.4.dr	String found in binary or memory: https://shock.co
Source: sets.json.4.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.4.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.4.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.4.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.4.dr	String found in binary or memory: https://songshare.com
Source: sets.json.4.dr	String found in binary or memory: https://songstats.com
Source: sets.json.4.dr	String found in binary or memory: https://sporza.be
Source: sets.json.4.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.4.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.4.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.4.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.4.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.4.dr	String found in binary or memory: https://stripe.com
Source: sets.json.4.dr	String found in binary or memory: https://stripe.network
Source: sets.json.4.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.4.dr	String found in binary or memory: https://supereva.it
Source: sets.json.4.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.4.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.4.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.4.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.4.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.4.dr	String found in binary or memory: https://text.com
Source: sets.json.4.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.4.dr	String found in binary or memory: https://the42.ie
Source: sets.json.4.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.4.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.4.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.4.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.4.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.4.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.4.dr	String found in binary or memory: https://top.pl
Source: sets.json.4.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.4.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.4.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.4.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.4.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.4.dr	String found in binary or memory: https://tvid.in
Source: sets.json.4.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.4.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.4.dr	String found in binary or memory: https://unotv.com
Source: sets.json.4.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.4.dr	String found in binary or memory: https://vrt.be
Source: sets.json.4.dr	String found in binary or memory: https://vwo.com
Source: sets.json.4.dr	String found in binary or memory: https://welt.de
Source: sets.json.4.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.4.dr	String found in binary or memory: https://wildix.com
Source: sets.json.4.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.4.dr	String found in binary or memory: https://wingify.com
Source: sets.json.4.dr	String found in binary or memory: https://wordle.at
Source: sets.json.4.dr	String found in binary or memory: https://wp.pl
Source: sets.json.4.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.4.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.4.dr	String found in binary or memory: https://ya.ru
Source: sets.json.4.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.4.dr	String found in binary or memory: https://zalo.me
Source: sets.json.4.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.4.dr	String found in binary or memory: https://zingmp3.vn

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 57084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 57061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57126
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57127
Source: unknown	Network traffic detected: HTTP traffic on port 57106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57012
Source: unknown	Network traffic detected: HTTP traffic on port 57129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57014
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57015
Source: unknown	Network traffic detected: HTTP traffic on port 53007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 57117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 57037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57016
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57019
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57023
Source: unknown	Network traffic detected: HTTP traffic on port 57095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57021
Source: unknown	Network traffic detected: HTTP traffic on port 57026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 52976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57027
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57029
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57036
Source: unknown	Network traffic detected: HTTP traffic on port 57096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57030
Source: unknown	Network traffic detected: HTTP traffic on port 57025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57031
Source: unknown	Network traffic detected: HTTP traffic on port 57048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57032
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 52989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57039
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57045
Source: unknown	Network traffic detected: HTTP traffic on port 57105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57047
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 57036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 57013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 57085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57103
Source: unknown	Network traffic detected: HTTP traffic on port 57128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 57118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 57063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57109
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57107
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57114
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 57035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57119
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57117
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57124
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57125
Source: unknown	Network traffic detected: HTTP traffic on port 57024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57121
Source: unknown	Network traffic detected: HTTP traffic on port 52980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 57097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52998
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52990
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52991
Source: unknown	Network traffic detected: HTTP traffic on port 57126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52994
Source: unknown	Network traffic detected: HTTP traffic on port 52997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52995
Source: unknown	Network traffic detected: HTTP traffic on port 53010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57096
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57092
Source: unknown	Network traffic detected: HTTP traffic on port 52968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57093
Source: unknown	Network traffic detected: HTTP traffic on port 57075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57095
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57091
Source: unknown	Network traffic detected: HTTP traffic on port 57012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 57087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 57116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57049
Source: unknown	Network traffic detected: HTTP traffic on port 52978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57057
Source: unknown	Network traffic detected: HTTP traffic on port 52987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57055
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57051
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52968
Source: unknown	Network traffic detected: HTTP traffic on port 57054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52969
Source: unknown	Network traffic detected: HTTP traffic on port 57125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57067
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57060
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57062
Source: unknown	Network traffic detected: HTTP traffic on port 57099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52976
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52977
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52973
Source: unknown	Network traffic detected: HTTP traffic on port 52999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57079
Source: unknown	Network traffic detected: HTTP traffic on port 57021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57076
Source: unknown	Network traffic detected: HTTP traffic on port 57044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57070
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57073
Source: unknown	Network traffic detected: HTTP traffic on port 57077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52987
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52982
Source: unknown	Network traffic detected: HTTP traffic on port 57066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52985
Source: unknown	Network traffic detected: HTTP traffic on port 52977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52984
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57089
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57084
Source: unknown	Network traffic detected: HTTP traffic on port 52988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57080
Source: unknown	Network traffic detected: HTTP traffic on port 57055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53000
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57057 -> 443

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.10.199:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.242.39.171:443 -> 192.168.2.6:57019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:57027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:57053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.6:57063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:57081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53014 version: TLS 1.2

System Summary

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\sets.json			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\manifest.json			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\LICENSE			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\_metadata\			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\_metadata\verified_contents.json			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping764_1504294908\manifest.fingerprint			Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_764_672093908

Jump to behavior

Very long command line found

Source: unknown	Process created: Commandline size = 2083
Source: C:\Windows\SysWOW64\cmd.exe	Process created: Commandline size = 2035
Source: C:\Windows\SysWOW64\cmd.exe	Process created: Commandline size = 2035			Jump to behavior

Classification label

Source: classification engine

Classification label: mal48.phis.win@28/28@26/13

Creates files inside the user directory

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Creates mutexes

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4868:120:WilError_03

Reads software policies

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\download\FaxDocument-873422-Wcepinc-Transmission.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1916,i,1730709302199590936,13554322330194458,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3B%20filename%3D%22FaxDocument-873422-Wcepinc-Transmission.html%22%3B%20filename%2A%3DUTF-8%27%27FaxDocument-873422-Wcepinc-Transmission.html&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QLQCGJML5%2F20241024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241024T201816Z&X-Amz-Expires=15711&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEHMaCXVzLWVhc3QtMSJIMEYCIQD5%2BhZvZGN6J3Fxb1eh7JhGJFYatdM4YSe%2FB1Lhu54clwIhAMGxuFEnQyuPv%2FCfNJf%2FM%2Bjk%2FqrMeNeOhUAY3BKeKKVEKogECNz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgxkadsnklCVctvwMWIq3APvQpQpI58knFBaUI%2FesQH1FJlTX%2BlsdPXwHmIEoA7JJLDUXnDzzteCVoUwvp1olI1h3PTJSpl3WxfIUi7BTzihzEqp3qn85AWXiDO1fWB1MbpD%2FSDfsrqMEgho9OQjpzPsQHM6e%2BmLmZ1yTIHD97Pf%2FN08letrYEZz2NFJVIQrLYTvWQwr2QPEZJyIm0WnuSbbq8Q1iYmha%2FIyVB9ZKxOPpvdgR1ptXZ6oLjzsy%2Bt%2BjafEISWZYsRDWwvLzIujqWG%2B63t%2BpCq3bxmYAsSHjxnzarIm7Hms4AOj9sIvR9pkL0wwD3qkWG7oBYHnb8k0%2B1AzzdJ2e%2FfLVD9TiwcG1KsTEzsabHJpEEBXTzducKIDP%2FcB%2FYcv03kyJnwWzUMaIbwdRV3lLj4itVuLpZpUbOm8RJChRMb83TR2qZdNKkjYktSR42en1uqps%2BU0qDC%2Fg93%2FFw2lIXwuMoTybf1fWYEY2OQz6E5eRoigwQhmg4wJe1ZZgjwP8fEQSG0yo9XZnXr%2FyAu%2BEt2RNzWy2wHuoZk3HVwPs4lWnhTyTcrSndmgKXkfVSpHeqCqkF3xveAbEhd%2F9qQutDIIcWnBBAlsILK5EUpHzYLvkIMYBMTieCtf00%2FFHqO4eOCLX5sGvDCHqeq4BjqkAeyFM5a%2FebzwF4uw87xMbquzIriBZ00BbMxSr1F6iNQrK5eiAmnkSYUYh%2Fp3YJofaU0ox8%2FOVLIHBKp3WtDzd5b5%2F5WwioyMhT1u0BDnhNT%2F%2B11YTTeSy4rC4fIYdhkm7tZrFS9Sa1WIiQXgQiBqqjkRydZT%2FLrmsyVTvK8wBscWkRvZxnU%2Bsi4OUJJHkmJ27ywwC3Ob5nE4D4%2FwrYfIb%2F4HWJO4&X-Amz-SignedHeaders=host&X-Amz-Signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1916,i,1730709302199590936,13554322330194458,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Tries to load missing DLLs

Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: dnsapi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rasadhlp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: fwpuclnt.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: explorerframe.dll			Jump to behavior

Uses an in-process (OLE) Automation server

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Source: wget.exe, 00000002.00000002.2182067093.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

HIPS / PFW / Operating System Protection Evasion

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3b%20filename%3d%22faxdocument-873422-wcepinc-transmission.html%22%3b%20filename%2a%3dutf-8%27%27faxdocument-873422-wcepinc-transmission.html&x-amz-algorithm=aws4-hmac-sha256&x-amz-credential=asia37krem2qlqcgjml5%2f20241024%2fus-east-1%2fs3%2faws4_request&x-amz-date=20241024t201816z&x-amz-expires=15711&x-amz-security-token=iqojb3jpz2lux2vjehmacxvzlwvhc3qtmsjimeyciqd5%2bhzvzgn6j3fxb1eh7jhgjfyatdm4yse%2fb1lhu54clwihamgxufenqyupv%2fcfnjf%2fm%2bjk%2fqrmeneohuay3bkekkvekogecnz%2f%2f%2f%2f%2f%2f%2f%2f%2f%2fweqabomodizmtkzmjy1odi0igxkadsnklcvctvwmwiq3apvqpqpi58knfbaui%2fesqh1fjltx%2blsdpxwhmieoa7jjlduxndzztecvouwvp1oli1h3ptjspl3wxfiui7btzihzeqp3qn85awxido1fwb1mbpd%2fsdfsrqmegho9oqjpzpsqhm6e%2bmlmz1ytihd97pf%2fn08letryezz2nfjviqrlytvwqwr2qpezjyim0wnusbbq8q1iymha%2fiyvb9zkxoppvdgr1ptxz6oljzsy%2bt%2bjafeiswzysrdwwvlziujqwg%2b63t%2bpcq3bxmyasshjxnzarim7hms4aoj9sivr9pkl0wwd3qkwg7obyhnb8k0%2b1azzdj2e%2fflvd9tiwcg1kstezsabhjpeebxtzduckidp%2fcb%2fycv03kyjnwwzumaibwdrv3llj4itvulpzpubom8rjchrmb83tr2qzdnkkjyktsr42en1uqps%2bu0qdc%2fg93%2ffw2lixwumotybf1fwyey2oqz6e5eroigwqhmg4wje1zzgjwp8feqsg0yo9xznxr%2fyau%2bet2rnzwy2whuozk3hvwps4lwnhtytcrsndmgkxkfvspheqcqkf3xveabehd%2f9qqutdiicwnbbalsilk5euphzylvkimybmtiectf00%2ffhqo4eoclx5sgvdchqeq4bjqkaeyfm5a%2febzwf4uw87xmbquziribz00bbmxsr1f6inqrk5eiamnksyuyh%2fp3yjofau0ox8%2fovlihbkp3wtdzd5b5%2f5wwioymht1u0bdnhnt%2f%2b11yttesy4rc4fiydhkm7tzrfs9sa1wiiqxgqibqqjkrydzt%2flrmsyvtvk8wbscwkrvzxnu%2bsi4oujjhkmj27ywwc3ob5ne4d4%2fwryfib%2f4hwjo4&x-amz-signedheaders=host&x-amz-signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3b%20filename%3d%22faxdocument-873422-wcepinc-transmission.html%22%3b%20filename%2a%3dutf-8%27%27faxdocument-873422-wcepinc-transmission.html&x-amz-algorithm=aws4-hmac-sha256&x-amz-credential=asia37krem2qlqcgjml5%2f20241024%2fus-east-1%2fs3%2faws4_request&x-amz-date=20241024t201816z&x-amz-expires=15711&x-amz-security-token=iqojb3jpz2lux2vjehmacxvzlwvhc3qtmsjimeyciqd5%2bhzvzgn6j3fxb1eh7jhgjfyatdm4yse%2fb1lhu54clwihamgxufenqyupv%2fcfnjf%2fm%2bjk%2fqrmeneohuay3bkekkvekogecnz%2f%2f%2f%2f%2f%2f%2f%2f%2f%2fweqabomodizmtkzmjy1odi0igxkadsnklcvctvwmwiq3apvqpqpi58knfbaui%2fesqh1fjltx%2blsdpxwhmieoa7jjlduxndzztecvouwvp1oli1h3ptjspl3wxfiui7btzihzeqp3qn85awxido1fwb1mbpd%2fsdfsrqmegho9oqjpzpsqhm6e%2bmlmz1ytihd97pf%2fn08letryezz2nfjviqrlytvwqwr2qpezjyim0wnusbbq8q1iymha%2fiyvb9zkxoppvdgr1ptxz6oljzsy%2bt%2bjafeiswzysrdwwvlziujqwg%2b63t%2bpcq3bxmyasshjxnzarim7hms4aoj9sivr9pkl0wwd3qkwg7obyhnb8k0%2b1azzdj2e%2fflvd9tiwcg1kstezsabhjpeebxtzduckidp%2fcb%2fycv03kyjnwwzumaibwdrv3llj4itvulpzpubom8rjchrmb83tr2qzdnkkjyktsr42en1uqps%2bu0qdc%2fg93%2ffw2lixwumotybf1fwyey2oqz6e5eroigwqhmg4wje1zzgjwp8feqsg0yo9xznxr%2fyau%2bet2rnzwy2whuozk3hvwps4lwnhtytcrsndmgkxkfvspheqcqkf3xveabehd%2f9qqutdiicwnbbalsilk5euphzylvkimybmtiectf00%2ffhqo4eoclx5sgvdchqeq4bjqkaeyfm5a%2febzwf4uw87xmbquziribz00bbmxsr1f6inqrk5eiamnksyuyh%2fp3yjofau0ox8%2fovlihbkp3wtdzd5b5%2f5wwioymht1u0bdnhnt%2f%2b11yttesy4rc4fiydhkm7tzrfs9sa1wiiqxgqibqqjkrydzt%2flrmsyvtvk8wbscwkrvzxnu%2bsi4oujjhkmj27ywwc3ob5ne4d4%2fwryfib%2f4hwjo4&x-amz-signedheaders=host&x-amz-signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://phisher-parts-production-us-east-1.s3.amazonaws.com/68a29cbc-d8f9-4c01-aa8b-704c527e3dea/2024-10-24/hdp1f4m0mtn58r7e5djj3r2baep1oktpuitii5o1/d493f6c6bdfdcf5959ae27c95155d91b5b3c1ce0bab14ef02ea76d7c451b0ee9?response-content-disposition=attachment%3b%20filename%3d%22faxdocument-873422-wcepinc-transmission.html%22%3b%20filename%2a%3dutf-8%27%27faxdocument-873422-wcepinc-transmission.html&x-amz-algorithm=aws4-hmac-sha256&x-amz-credential=asia37krem2qlqcgjml5%2f20241024%2fus-east-1%2fs3%2faws4_request&x-amz-date=20241024t201816z&x-amz-expires=15711&x-amz-security-token=iqojb3jpz2lux2vjehmacxvzlwvhc3qtmsjimeyciqd5%2bhzvzgn6j3fxb1eh7jhgjfyatdm4yse%2fb1lhu54clwihamgxufenqyupv%2fcfnjf%2fm%2bjk%2fqrmeneohuay3bkekkvekogecnz%2f%2f%2f%2f%2f%2f%2f%2f%2f%2fweqabomodizmtkzmjy1odi0igxkadsnklcvctvwmwiq3apvqpqpi58knfbaui%2fesqh1fjltx%2blsdpxwhmieoa7jjlduxndzztecvouwvp1oli1h3ptjspl3wxfiui7btzihzeqp3qn85awxido1fwb1mbpd%2fsdfsrqmegho9oqjpzpsqhm6e%2bmlmz1ytihd97pf%2fn08letryezz2nfjviqrlytvwqwr2qpezjyim0wnusbbq8q1iymha%2fiyvb9zkxoppvdgr1ptxz6oljzsy%2bt%2bjafeiswzysrdwwvlziujqwg%2b63t%2bpcq3bxmyasshjxnzarim7hms4aoj9sivr9pkl0wwd3qkwg7obyhnb8k0%2b1azzdj2e%2fflvd9tiwcg1kstezsabhjpeebxtzduckidp%2fcb%2fycv03kyjnwwzumaibwdrv3llj4itvulpzpubom8rjchrmb83tr2qzdnkkjyktsr42en1uqps%2bu0qdc%2fg93%2ffw2lixwumotybf1fwyey2oqz6e5eroigwqhmg4wje1zzgjwp8feqsg0yo9xznxr%2fyau%2bet2rnzwy2whuozk3hvwps4lwnhtytcrsndmgkxkfvspheqcqkf3xveabehd%2f9qqutdiicwnbbalsilk5euphzylvkimybmtiectf00%2ffhqo4eoclx5sgvdchqeq4bjqkaeyfm5a%2febzwf4uw87xmbquziribz00bbmxsr1f6inqrk5eiamnksyuyh%2fp3yjofau0ox8%2fovlihbkp3wtdzd5b5%2f5wwioymht1u0bdnhnt%2f%2b11yttesy4rc4fiydhkm7tzrfs9sa1wiiqxgqibqqjkrydzt%2flrmsyvtvk8wbscwkrvzxnu%2bsi4oujjhkmj27ywwc3ob5ne4d4%2fwryfib%2f4hwjo4&x-amz-signedheaders=host&x-amz-signature=4bd824e8586cb631d993afbaa40b83fff9764a3fdcecf7e4b686cf1557dfa0d0"			Jump to behavior

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\SysWOW64\wget.exe

Queries volume information: C:\Users\user\Desktop\download VolumeInformation

Jump to behavior

Queries the cryptographic machine GUID

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior