Windows Analysis Report
https://www.videolan.org/vlc/download-windows.html

Overview

General Information

Sample URL: https://www.videolan.org/vlc/download-windows.html
Analysis ID: 1530826

Detection

Score: 7
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder
Detected hidden input values containing email addresses (often used in phishing pages)
Detected non-DNS traffic on DNS port
Drops PE files
Drops PE files to the windows directory (C:\Windows)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Source: file:///C:/Users/user/Desktop/download/download-windows.html HTTP Parser: sponsor@videolan.org
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49741 version: TLS 1.0
Source: unknown HTTPS traffic detected: 213.36.253.2:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.100.63.156:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.100.63.156:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.5:60714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:60721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:60733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:60742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:60754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:60792 version: TLS 1.2
Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.4.dr
Source: global traffic TCP traffic: 192.168.2.5:58120 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.5:60710 -> 162.159.36.2:53
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 95.100.63.156
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: global traffic HTTP traffic detected: GET /vlc/download-windows.html HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko Accept: */* Accept-Encoding: identity Host: www.videolan.org Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=laD8R5yl11nkwe4&MD=3dSVP44a HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic HTTP traffic detected: GET /sls/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=laD8R5yl11nkwe4&MD=3dSVP44a HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
Source: wget.exe, 00000002.00000003.2042164852.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042164852.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, download-windows.html.2.dr String found in binary or memory: <a class="social" href="https://www.facebook.com/vlc.media.player"> equals www.facebook.com (Facebook)
Source: wget.exe, 00000002.00000003.2042164852.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042164852.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, download-windows.html.2.dr String found in binary or memory: <a class="social" href="https://www.twitter.com/videolan"> equals www.twitter.com (Twitter)
Source: chromecache_146.6.dr, chromecache_151.6.dr, chromecache_143.6.dr, chromecache_149.6.dr String found in binary or memory: return b}QC.F="internal.enableAutoEventOnTimer";var gc=ka(["data-gtm-yt-inspected-"]),SC=["www.youtube.com","www.youtube-nocookie.com"],TC,UC=!1; equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: www.videolan.org
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: wget.exe, 00000002.00000003.2042164852.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042258109.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042164852.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, download-windows.html.2.dr String found in binary or memory: http://cuberto.com/
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://ocsp.digicert.com0
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: wget.exe, 00000002.00000003.2042164852.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042164852.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, download-windows.html.2.dr String found in binary or memory: http://sourceforge.net/projects/kernelex/
Source: Google.Widevine.CDM.dll.4.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: sets.json.4.dr String found in binary or memory: https://07c225f3.online
Source: sets.json.4.dr String found in binary or memory: https://24.hu
Source: sets.json.4.dr String found in binary or memory: https://aajtak.in
Source: sets.json.4.dr String found in binary or memory: https://abczdrowie.pl
Source: wget.exe, 00000002.00000003.2042164852.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042164852.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, download-windows.html.2.dr String found in binary or memory: https://addons.videolan.org/browse/cat/323/ord/latest/
Source: chromecache_149.6.dr String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: sets.json.4.dr String found in binary or memory: https://alice.tw
Source: sets.json.4.dr String found in binary or memory: https://ambitionbox.com
Source: chromecache_150.6.dr, chromecache_148.6.dr String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: download-windows.html.2.dr String found in binary or memory: https://artifacts.videolan.org/vlc/nightly-win64-arm-llvm/
Source: chromecache_146.6.dr, chromecache_151.6.dr, chromecache_143.6.dr, chromecache_149.6.dr String found in binary or memory: https://cct.google/taggy/agent.js
Source: wget.exe, 00000002.00000003.2042164852.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042258109.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042164852.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, download-windows.html.2.dr String found in binary or memory: https://creativecommons.org/licenses/by-sa/3.0/us/
Source: wget.exe, 00000002.00000003.2042164852.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042164852.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, download-windows.html.2.dr String found in binary or memory: https://download.videolan.org/pub/videolan/vlc
Source: wget.exe, 00000002.00000003.2042164852.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042258109.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042164852.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, download-windows.html.2.dr String found in binary or memory: https://forum.videolan.org/
Source: download-windows.html.2.dr String found in binary or memory: https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js
Source: download-windows.html.2.dr String found in binary or memory: https://oss.maxcdn.com/respond/1.4.2/respond.min.js
Source: sets.json.4.dr String found in binary or memory: https://ottplay.com
Source: sets.json.4.dr String found in binary or memory: https://p106.net
Source: sets.json.4.dr String found in binary or memory: https://p24.hu
Source: chromecache_149.6.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_146.6.dr, chromecache_151.6.dr, chromecache_143.6.dr, chromecache_149.6.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_151.6.dr, chromecache_149.6.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_148.6.dr String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: sets.json.4.dr String found in binary or memory: https://stripe.com
Source: sets.json.4.dr String found in binary or memory: https://stripe.network
Source: sets.json.4.dr String found in binary or memory: https://stripecdn.com
Source: sets.json.4.dr String found in binary or memory: https://supereva.it
Source: chromecache_150.6.dr, chromecache_148.6.dr String found in binary or memory: https://tagassistant.google.com/
Source: sets.json.4.dr String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.4.dr String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.4.dr String found in binary or memory: https://talkdeskstgid.com
Source: chromecache_146.6.dr, chromecache_151.6.dr, chromecache_143.6.dr, chromecache_149.6.dr String found in binary or memory: https://td.doubleclick.net
Source: wget.exe, 00000002.00000003.2042164852.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042258109.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042164852.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, download-windows.html.2.dr String found in binary or memory: https://wiki.videolan.org/
Source: chromecache_146.6.dr, chromecache_143.6.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_150.6.dr, chromecache_148.6.dr String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_150.6.dr, chromecache_148.6.dr String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_150.6.dr, chromecache_148.6.dr String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_149.6.dr String found in binary or memory: https://www.google.com
Source: chromecache_150.6.dr, chromecache_148.6.dr String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_146.6.dr, chromecache_151.6.dr, chromecache_143.6.dr, chromecache_149.6.dr String found in binary or memory: https://www.googleadservices.com
Source: chromecache_149.6.dr String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_150.6.dr, chromecache_148.6.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: download-windows.html.2.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-38853043-1
Source: wget.exe, 00000002.00000003.2042164852.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042258109.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042164852.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, download-windows.html.2.dr String found in binary or memory: https://www.madebyargon.com
Source: chromecache_151.6.dr, chromecache_149.6.dr String found in binary or memory: https://www.merchant-center-analytics.goog
Source: download-windows.html.2.dr String found in binary or memory: https://www.paypal.com/cgi-bin/webscr
Source: wget.exe, 00000002.00000003.2042164852.0000000000FD6000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2042164852.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, download-windows.html.2.dr String found in binary or memory: https://www.twitter.com/videolan
Source: download-windows.html.2.dr String found in binary or memory: https://www.videolan.org/thank_you.html
Source: wget.exe, 00000002.00000002.2042643405.00000000010F5000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.dr String found in binary or memory: https://www.videolan.org/vlc/download-windows.html
Source: wget.exe, 00000002.00000002.2042643405.00000000010F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.videolan.org/vlc/download-windows.htmlGON
Source: wget.exe, 00000002.00000002.2042643405.00000000010F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.videolan.org/vlc/download-windows.htmlPROC
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58139 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58151 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60816
Source: unknown Network traffic detected: HTTP traffic on port 60726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60814
Source: unknown Network traffic detected: HTTP traffic on port 58131 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60813
Source: unknown Network traffic detected: HTTP traffic on port 58154 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60812
Source: unknown Network traffic detected: HTTP traffic on port 60829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60811
Source: unknown Network traffic detected: HTTP traffic on port 60750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60810
Source: unknown Network traffic detected: HTTP traffic on port 60773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60829
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60827
Source: unknown Network traffic detected: HTTP traffic on port 60830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58143 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60826
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60820
Source: unknown Network traffic detected: HTTP traffic on port 60800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60838
Source: unknown Network traffic detected: HTTP traffic on port 60785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60837
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60836
Source: unknown Network traffic detected: HTTP traffic on port 60842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60833
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60832
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60831
Source: unknown Network traffic detected: HTTP traffic on port 60737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60830
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60849
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60840
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58130 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60847
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60844
Source: unknown Network traffic detected: HTTP traffic on port 60864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60722
Source: unknown Network traffic detected: HTTP traffic on port 60751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60720
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:60742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:60754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:60792 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_2080013251\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_30737552
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_30737552\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_30737552\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_30737552\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_30737552\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_30737552\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\chrome_BITS_3380_1176688420
Source: Google.Widevine.CDM.dll.4.dr Static PE information: Number of sections : 12 > 10
Source: classification engine Classification label: clean7.win@25/26@5/5
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6844:120:WilError_03
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.videolan.org/vlc/download-windows.html" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://www.videolan.org/vlc/download-windows.html"
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\download\download-windows.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1760,i,8591697756766500833,3544110521577231241,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\wget.exe Section loaded: explorerframe.dll
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32
Source: Google Drive.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.4.dr
Source: Google.Widevine.CDM.dll.4.dr Static PE information: section name: .00cfg
Source: Google.Widevine.CDM.dll.4.dr Static PE information: section name: .gxfg
Source: Google.Widevine.CDM.dll.4.dr Static PE information: section name: .retplne
Source: Google.Widevine.CDM.dll.4.dr Static PE information: section name: .voltbl
Source: Google.Widevine.CDM.dll.4.dr Static PE information: section name: _RDATA
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3380_30737552\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: wget.exe, 00000002.00000002.2042477505.0000000000A68000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://www.videolan.org/vlc/download-windows.html" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid