Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1527893
MD5: e445bf16aa010ce6cd1079021d59ef2a
SHA1: 13f832e2face0f387314aeb16f78ba5c4eb30eb9
SHA256: dac1c056057161be27bf75ef6200ddb5a632d61a039edb7ab9512a8d84bda2fd
Tags: exeuser-Bitsight
Infos:

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 23%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.2% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:50565 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:50567 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.4:50578 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.4:50699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.4:50700 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.4:50755 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:50768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50883 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50882 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50884 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50886 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50885 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_006CDBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D68EE FindFirstFileW,FindClose, 0_2_006D68EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_006D698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_006CD076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_006CD3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_006D9642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_006D979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_006D9B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D5C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_006D5C97
Detected non-DNS traffic on DNS port
Source: global traffic TCP traffic: 192.168.2.4:50551 -> 1.1.1.1:53
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006DCE44 InternetReadFile,SetEvent,GetLastError,SetEvent, 0_2_006DCE44
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DAMwOOzTRRVX+Tw&MD=BRTKKwKf HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1Host: youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1Host: www.youtube.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-743616949&timestamp=1728292924292 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DAMwOOzTRRVX+Tw&MD=BRTKKwKf HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /th?id=OADD2.10239340783931_1YZB0VJW9326XBLXJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /th?id=OADD2.10239340783930_1HFAOTIQ1IDVU62AB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /th?id=OADD2.10239355035239_1NE5QON2H0G5IVA3Y&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /th?id=OADD2.10239355035240_1LIDBG5VEHXCVNZ8Y&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: chromecache_157.16.dr String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: youtube.com
Source: global traffic DNS traffic detected: DNS query: www.youtube.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: unknown HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 519sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: chromecache_157.16.dr String found in binary or memory: https://accounts.google.com
Source: chromecache_157.16.dr String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: chromecache_169.16.dr String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_157.16.dr String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_157.16.dr String found in binary or memory: https://families.google.com/intl/
Source: chromecache_169.16.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_169.16.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_169.16.dr String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_157.16.dr String found in binary or memory: https://g.co/recover
Source: chromecache_157.16.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_157.16.dr String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_157.16.dr String found in binary or memory: https://play.google/intl/
Source: chromecache_157.16.dr String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_157.16.dr String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_157.16.dr String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_157.16.dr String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_157.16.dr String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_157.16.dr String found in binary or memory: https://policies.google.com/terms
Source: chromecache_157.16.dr String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_157.16.dr String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_169.16.dr String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_157.16.dr String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_157.16.dr String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_157.16.dr String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_169.16.dr String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_157.16.dr String found in binary or memory: https://www.google.com
Source: chromecache_157.16.dr String found in binary or memory: https://www.google.com/intl/
Source: chromecache_169.16.dr String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_169.16.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_169.16.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_169.16.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_169.16.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_169.16.dr String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_157.16.dr String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_157.16.dr String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000002.3373581644.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2146550054.00000000003B4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_157.16.dr String found in binary or memory: https://youtube.com/t/terms?gl=
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50612
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50611
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50614
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50613
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50855
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50616
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50615
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50739
Source: unknown Network traffic detected: HTTP traffic on port 50806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50859
Source: unknown Network traffic detected: HTTP traffic on port 50749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50850
Source: unknown Network traffic detected: HTTP traffic on port 50726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50730
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50851
Source: unknown Network traffic detected: HTTP traffic on port 50670 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50693 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50619
Source: unknown Network traffic detected: HTTP traffic on port 50750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50623
Source: unknown Network traffic detected: HTTP traffic on port 50635 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50865
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50622
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50864
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50625
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50867
Source: unknown Network traffic detected: HTTP traffic on port 50578 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50624
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50745
Source: unknown Network traffic detected: HTTP traffic on port 50853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50866
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50627
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50626
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50629
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50628
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50860
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50621
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50863
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50620
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50741
Source: unknown Network traffic detected: HTTP traffic on port 50761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50862
Source: unknown Network traffic detected: HTTP traffic on port 50600 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50589 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50646 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50755
Source: unknown Network traffic detected: HTTP traffic on port 50875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50633
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50875
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50636
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50757
Source: unknown Network traffic detected: HTTP traffic on port 50852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50635
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50638
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50637
Source: unknown Network traffic detected: HTTP traffic on port 50657 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50682 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50639
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50870
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50630
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50632
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50752
Source: unknown Network traffic detected: HTTP traffic on port 50762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50873
Source: unknown Network traffic detected: HTTP traffic on port 50714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50601 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50887
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50644
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50647
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50646
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50649
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50648
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50769
Source: unknown Network traffic detected: HTTP traffic on port 50830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50760
Source: unknown Network traffic detected: HTTP traffic on port 50784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50641
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50883
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50640
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50882
Source: unknown Network traffic detected: HTTP traffic on port 50612 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50643
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50642
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50884
Source: unknown Network traffic detected: HTTP traffic on port 50623 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50810
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50816
Source: unknown Network traffic detected: HTTP traffic on port 50831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50815
Source: unknown Network traffic detected: HTTP traffic on port 50819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50579 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50591 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50819
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50622 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50700
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50821
Source: unknown Network traffic detected: HTTP traffic on port 50683 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50820
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50701
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50822
Source: unknown Network traffic detected: HTTP traffic on port 50656 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50826
Source: unknown Network traffic detected: HTTP traffic on port 50748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50694 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50829
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50828
Source: unknown Network traffic detected: HTTP traffic on port 50759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50709
Source: unknown Network traffic detected: HTTP traffic on port 50772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50711
Source: unknown Network traffic detected: HTTP traffic on port 50611 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50833
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50837
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50830
Source: unknown Network traffic detected: HTTP traffic on port 50672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50567 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50695 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50718
Source: unknown Network traffic detected: HTTP traffic on port 50808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50839
Source: unknown Network traffic detected: HTTP traffic on port 50865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50601
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50600
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50602
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50723
Source: unknown Network traffic detected: HTTP traffic on port 50794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50605
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50847
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50604
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50607
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50849
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50606
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50848
Source: unknown Network traffic detected: HTTP traffic on port 50633 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50720
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50841
Source: unknown Network traffic detected: HTTP traffic on port 50876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50840
Source: unknown Network traffic detected: HTTP traffic on port 50887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50590 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50609
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50608
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50729
Source: unknown Network traffic detected: HTTP traffic on port 50644 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50579
Source: unknown Network traffic detected: HTTP traffic on port 50684 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50578
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50699
Source: unknown Network traffic detected: HTTP traffic on port 50850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50692
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50691
Source: unknown Network traffic detected: HTTP traffic on port 50655 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50694
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50693
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50696
Source: unknown Network traffic detected: HTTP traffic on port 50632 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50695
Source: unknown Network traffic detected: HTTP traffic on port 50873 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50698
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50697
Source: unknown Network traffic detected: HTTP traffic on port 50838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50589
Source: unknown Network traffic detected: HTTP traffic on port 50769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50582
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50584
Source: unknown Network traffic detected: HTTP traffic on port 50723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50583
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50586
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50585
Source: unknown Network traffic detected: HTTP traffic on port 50782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50592 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50591
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50590
Source: unknown Network traffic detected: HTTP traffic on port 50608 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50621 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50609 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50593
Source: unknown Network traffic detected: HTTP traffic on port 50558 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50592
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50595
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50594
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50597
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50596
Source: unknown Network traffic detected: HTTP traffic on port 50747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50643 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50620 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50685 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50700 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50654 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50696 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50656
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50655
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50658
Source: unknown Network traffic detected: HTTP traffic on port 50768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50657
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50659
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50890
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50650
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50771
Source: unknown Network traffic detected: HTTP traffic on port 50594 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50770
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50652
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50651
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50654
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50653
Source: unknown Network traffic detected: HTTP traffic on port 50745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50774
Source: unknown Network traffic detected: HTTP traffic on port 50863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50697 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50607 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50667
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50788
Source: unknown Network traffic detected: HTTP traffic on port 50792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50666
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50669
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50668
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50789
Source: unknown Network traffic detected: HTTP traffic on port 50805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50780
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50661
Source: unknown Network traffic detected: HTTP traffic on port 50702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50660
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50663
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50662
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50665
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50664
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50785
Source: unknown Network traffic detected: HTTP traffic on port 50816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50642 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50663 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50678
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50677
Source: unknown Network traffic detected: HTTP traffic on port 50791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50558
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50679
Source: unknown Network traffic detected: HTTP traffic on port 50686 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50670
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50791
Source: unknown Network traffic detected: HTTP traffic on port 50701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50790
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50672
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50793
Source: unknown Network traffic detected: HTTP traffic on port 50653 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50671
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50792
Source: unknown Network traffic detected: HTTP traffic on port 50619 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50674
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50552
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50673
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50676
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50797
Source: unknown Network traffic detected: HTTP traffic on port 50630 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50675
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50796
Source: unknown Network traffic detected: HTTP traffic on port 50779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50582 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50689
Source: unknown Network traffic detected: HTTP traffic on port 50851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50567
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50688
Source: unknown Network traffic detected: HTTP traffic on port 50828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50681
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50680
Source: unknown Network traffic detected: HTTP traffic on port 50593 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50683
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50682
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50685
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50563
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50684
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50687
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50686
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50565
Source: unknown Network traffic detected: HTTP traffic on port 50746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50690
Source: unknown Network traffic detected: HTTP traffic on port 50757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50641 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50584 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50664 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50687 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50652 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50595 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50629 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50628 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50583 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50665 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50606 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50640 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50651 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50662 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50639 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50585 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50604 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50596 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50638 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50666 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50605 -> 443
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:50565 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:50567 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.4:50578 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.4:50699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.4:50700 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.4:50755 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:50768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50883 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50882 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50884 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50886 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.4:50885 version: TLS 1.2
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006DEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_006DEAFF
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006DED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_006DED6A
Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006DEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_006DEAFF
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, 0_2_006CAA57
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_006F9576

System Summary
barindex
Binary is likely a compiled AutoIt script file
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_4be0aebf-f
Source: file.exe, 00000000.00000002.3373310757.0000000000722000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_16c7626e-d
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_b2bce244-9
Source: file.exe String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_8a542f3a-7
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CD5EB: CreateFileW,DeviceIoControl,CloseHandle, 0_2_006CD5EB
Contains functionality to launch a process as a different user
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006C1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_006C1201
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, 0_2_006CE8F6
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0066BF40 0_2_0066BF40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00668060 0_2_00668060
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D2046 0_2_006D2046
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006C8298 0_2_006C8298
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069E4FF 0_2_0069E4FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069676B 0_2_0069676B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F4873 0_2_006F4873
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0066CAF0 0_2_0066CAF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0068CAA0 0_2_0068CAA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0067CC39 0_2_0067CC39
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00696DD9 0_2_00696DD9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0067D064 0_2_0067D064
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0067B119 0_2_0067B119
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006691C0 0_2_006691C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00681394 0_2_00681394
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00681706 0_2_00681706
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0068781B 0_2_0068781B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0067997D 0_2_0067997D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00667920 0_2_00667920
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006819B0 0_2_006819B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00687A4A 0_2_00687A4A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00681C77 0_2_00681C77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00687CA7 0_2_00687CA7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006EBE44 0_2_006EBE44
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00699EEE 0_2_00699EEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00681F32 0_2_00681F32
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00680A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0067F9F2 appears 31 times
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal72.troj.evad.winEXE@46/30@12/8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D37B5 GetLastError,FormatMessageW, 0_2_006D37B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006C10BF AdjustTokenPrivileges,CloseHandle, 0_2_006C10BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006C16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 0_2_006C16C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, 0_2_006D51CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006EA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, 0_2_006EA67C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, 0_2_006D648E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006642A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 0_2_006642A2
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3668:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6576:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7144:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3844:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7060:120:WilError_03
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe ReversingLabs: Detection: 23%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1616,i,10676587274302744520,10063467420524818103,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_006642DE
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006AE859 push 00000000h; ret 0_2_006AE8FD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006AE8FF push 00000000h; ret 0_2_006AE901
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00680A76 push ecx; ret 0_2_00680A89
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0066900A push 00000000h; iretd 0_2_0066900C
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0067F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_0067F98E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006F1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_006F1C41
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Found API chain indicative of sandbox detection
Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 7021 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: foregroundWindowGot 1707 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\file.exe API coverage: 3.4 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 7084 Thread sleep count: 7021 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7084 Thread sleep time: -70210s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7084 Thread sleep count: 146 > 30 Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Users\user\Desktop\file.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Sleep loop found (likely to delay execution)
Source: C:\Users\user\Desktop\file.exe Thread sleep count: Count: 7021 delay: -10 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_006CDBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D68EE FindFirstFileW,FindClose, 0_2_006D68EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_006D698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_006CD076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_006CD3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_006D9642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_006D979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_006D9B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D5C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_006D5C97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_006642DE
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006DEAA2 BlockInput, 0_2_006DEAA2
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00692622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00692622
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_006642DE
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00684CE8 mov eax, dword ptr fs:[00000030h] 0_2_00684CE8
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006C0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_006C0B62
Enables debug privileges
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00692622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00692622
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0068083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0068083F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006809D5 SetUnhandledExceptionFilter, 0_2_006809D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00680C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00680C21
Contains functionality to execute programs as a different user
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006C1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_006C1201
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006A2BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_006A2BA5
Contains functionality to simulate keystroke presses
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CB226 SendInput,keybd_event, 0_2_006CB226
Contains functionality to simulate mouse events
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006E22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event, 0_2_006E22DA
Uses taskkill to terminate processes
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006C0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_006C0B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006C1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_006C1663
Source: file.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe Binary or memory string: Shell_TrayWnd
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00680698 cpuid 0_2_00680698
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW, 0_2_006D8195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006BD27A GetUserNameW, 0_2_006BD27A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0069BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, 0_2_0069BB6F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006642DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_006642DE

Stealing of Sensitive Information
barindex
Yara detected Credential Flusher
Source: Yara match File source: 00000000.00000002.3373581644.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 7076, type: MEMORYSTR
OS version to string mapping found (often used in BOTs)
Source: file.exe Binary or memory string: WIN_81
Source: file.exe Binary or memory string: WIN_XP
Source: file.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe Binary or memory string: WIN_XPe
Source: file.exe Binary or memory string: WIN_VISTA
Source: file.exe Binary or memory string: WIN_7
Source: file.exe Binary or memory string: WIN_8

Remote Access Functionality
barindex
Yara detected Credential Flusher
Source: Yara match File source: 00000000.00000002.3373581644.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 7076, type: MEMORYSTR
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006E1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_006E1204
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006E1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_006E1806
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1527893 Sample: file.exe Startdate: 07/10/2024 Architecture: WINDOWS Score: 72 46 Multi AV Scanner detection for submitted file 2->46 48 Yara detected Credential Flusher 2->48 50 Binary is likely a compiled AutoIt script file 2->50 52 2 other signatures 2->52 7 file.exe 2->7         started        process3 signatures4 54 Binary is likely a compiled AutoIt script file 7->54 56 Found API chain indicative of sandbox detection 7->56 10 chrome.exe 1 7->10         started        13 taskkill.exe 1 7->13         started        15 taskkill.exe 1 7->15         started        17 3 other processes 7->17 process5 dnsIp6 42 192.168.2.4, 443, 49337, 49723 unknown unknown 10->42 44 239.255.255.250 unknown Reserved 10->44 19 chrome.exe 10->19         started        22 chrome.exe 10->22         started        24 chrome.exe 6 10->24         started        26 conhost.exe 13->26         started        28 conhost.exe 15->28         started        30 conhost.exe 17->30         started        32 conhost.exe 17->32         started        34 conhost.exe 17->34         started        process7 dnsIp8 36 play.google.com 142.250.185.142, 443, 50591, 50592 GOOGLEUS United States 19->36 38 www.google.com 142.250.185.196, 443, 50563, 50875 GOOGLEUS United States 19->38 40 6 other IPs or domains 19->40
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.186.78
 youtube.com United States
15169 GOOGLEUS false
142.250.185.206
 youtube-ui.l.google.com United States
15169 GOOGLEUS false
172.217.18.14
 www3.l.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.185.196
 www.google.com United States
15169 GOOGLEUS false
142.250.185.142
 play.google.com United States
15169 GOOGLEUS false
142.250.186.110
 unknown United States
15169 GOOGLEUS false

Private

IP
192.168.2.4

Contacted Domains

Name IP Active
youtube-ui.l.google.com 142.250.185.206 true
www3.l.google.com 172.217.18.14 true
play.google.com 142.250.185.142 true
www.google.com 142.250.185.196 true
youtube.com 142.250.186.78 true
accounts.youtube.com unknown unknown
www.youtube.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://tse1.mm.bing.net/th?id=OADD2.10239355035240_1LIDBG5VEHXCVNZ8Y&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 false
    		unknown
    https://tse1.mm.bing.net/th?id=OADD2.10239340783930_1HFAOTIQ1IDVU62AB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 false
      		unknown
      https://tse1.mm.bing.net/th?id=OADD2.10239355035239_1NE5QON2H0G5IVA3Y&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 false
        		unknown
        https://play.google.com/log?format=json&hasfast=true&authuser=0 false
          		unknown
          https://www.google.com/favicon.ico false
            		unknown
            https://play.google.com/log?hasfast=true&authuser=0&format=json false
              		unknown
              https://tse1.mm.bing.net/th?id=OADD2.10239340783931_1YZB0VJW9326XBLXJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 false
                		unknown
                https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 false
                  		unknown
                  https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 false
                    		unknown