Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Set-up.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.988381481741982
Filename:	Set-up.exe
Filesize:	2729072
MD5:	4b923f3600f76ea3fcf20959d94369ac
SHA1:	b79ce50dcabc145555a36e7d97f341644107157b
SHA256:	b80b75d889d42db1bbd9bc8b748c5c9390bb015286931579c1bcac7562de6a56
SHA512:	54fc3dcb0ff35a97860c0f0b36cdfa310f0b2b918cd810fdca8183faaa150c17b978b6f79c91c65abc7a784cc3ee8ba6b62c29592f87018739096e52608a9031
SSDEEP:	49152:gGSXoV72tpV9XE8Gwi1aCvYMdRluSBw44RGLaLgPZ:Q4OE5wiICvYMpfL1
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Ark.Ark.Ark...o.Mrk...h.Jrk...n.^rk...j.Erk.H...Brk.H...nrk.Arj..pk...b..rk...k.@rk.....@rk...i.@rk.RichArk................

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
Checks if the current process is being debugged	Anti Debugging	Virtualization/Sandbox Evasion Security Software Discovery
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to call native functions	System Summary
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Process Discovery Clipboard Data
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection
Contains functionality to read the PEB	Anti Debugging
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing
Detected potential crypto function	System Summary	Process Discovery Archive Collected Data Encrypted Channel
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities	Obfuscated Files or Information
Found large amount of non-executed APIs	Malware Analysis System Evasion
Found potential string decryption / allocating functions	System Summary
Installs a raw input device (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Monitors certain registry keys / values for changes (often done to protect autostart functionality)	Hooking and other Techniques for Hiding and Protection	Query Registry
One or more processes crash	System Summary
PE / OLE file has an invalid certificate	System Summary
PE file contains an invalid checksum	Data Obfuscation
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)	Malware Analysis System Evasion	Windows Management Instrumentation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to register its own exception handler	Anti Debugging
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Found strings which match to known social media urls	Networking
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
PE file has an executable .text section and no other executable section	System Summary
Queries a list of all running processes	Malware Analysis System Evasion
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a big raw section	System Summary
PE file exports many functions	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Set-up.exe_4c9c2ad393d0b659aa78fea51f43981ea82cba10_6ae3b109_e4f0c861-ae91-41e5-a571-8f8d191fc96d\Report.wer

data

dropped

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Set-up.exe_4c9c2ad393d0b659aa78fea51f43981ea82cba10_6ae3b109_e4f0c861-ae91-41e5-a571-8f8d191fc96d\Report.wer
Category:	dropped
Dump:	Report.wer.6.dr
ID:	dr_0
Target ID:	6
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	data
Entropy:	1.12713315719208
Encrypted:	false
Ssdeep:	192:ljRU3MX0BU/ojRSetOruLIAzuiFECZ24IO8t:hRuMkBU/ojZ/LIAzuiFPY4IO8t
Size:	65536
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
PE / OLE file has an invalid certificate	System Summary
PE file contains an invalid checksum	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a big raw section	System Summary
PE file exports many functions	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\ProgramData\Microsoft\Windows\WER\Temp\WER837C.tmp.dmp

Mini DuMP crash report, 15 streams, Sun Oct 13 09:42:24 2024, 0x1205a4 type

dropped

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER837C.tmp.dmp
Category:	dropped
Dump:	WER837C.tmp.dmp.6.dr
ID:	dr_2
Target ID:	6
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 15 streams, Sun Oct 13 09:42:24 2024, 0x1205a4 type
Entropy:	2.0465899784269173
Encrypted:	false
Ssdeep:	768:+GN1vjSKBgNSheKnJoRBx9fs3Jd1Sv/QRS:++ILyJoXfstSv/Q
Size:	134188
Whitelisted:	false
Reputation:	low

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8477.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER8477.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER8477.tmp.WERInternalMetadata.xml.6.dr
ID:	dr_3
Target ID:	6
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.7003729787765485
Encrypted:	false
Ssdeep:	192:R6l7wVeJMAm6iw76Y9pSU9eYHqgmfNRpr189bsWsfEEm:R6lXJMZ6iw76YDSU9eYHqgmfNes1fO
Size:	8354
Whitelisted:	false
Reputation:	low

C:\ProgramData\Microsoft\Windows\WER\Temp\WER84A7.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER84A7.tmp.xml
Category:	dropped
Dump:	WER84A7.tmp.xml.6.dr
ID:	dr_4
Target ID:	6
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.496741969809943
Encrypted:	false
Ssdeep:	48:cvIwWl8zsRJg77aI9AbWpW8VY5Ym8M4JuqFMi+q8xFU7Yb6YM4Hd:uIjfjI7iq7VJJUi8U79YM4Hd
Size:	4664
Whitelisted:	false
Reputation:	low

C:\Windows\appcompat\Programs\Amcache.hve

MS Windows registry file, NT/2000 or above

dropped

Details

File:	C:\Windows\appcompat\Programs\Amcache.hve
Category:	dropped
Dump:	Amcache.hve.6.dr
ID:	dr_1
Target ID:	6
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	MS Windows registry file, NT/2000 or above
Entropy:	4.465509726421408
Encrypted:	false
Ssdeep:	6144:1IXfpi67eLPU9skLmb0b4FWSPKaJG8nAgejZMMhA2gX4WABl0uNvdwBCswSbn:2XD94FWlLZMM6YFHZ+n
Size:	1835008
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\Set-up.exe

"C:\Users\user\Desktop\Set-up.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1012
Target ID:	0
Parent PID:	2580
Name:	Set-up.exe
Path:	C:\Users\user\Desktop\Set-up.exe
Commandline:	"C:\Users\user\Desktop\Set-up.exe"
Size:	2729072
MD5:	4B923F3600F76EA3FCF20959D94369AC
Time:	05:42:01
Date:	13/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xa60000
Modulesize:	2732032
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Deobfuscate/Decode Files or Information
PE / OLE file has an invalid certificate	System Summary
PE file contains an invalid checksum	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a big raw section	System Summary
PE file exports many functions	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 1600

Details

Is windows:	true
Is dropped:	false
PID:	1184
Target ID:	6
Parent PID:	1012
Name:	WerFault.exe
Path:	C:\Windows\SysWOW64\WerFault.exe
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 1600
Size:	483680
MD5:	C31336C1EFC2CCB44B4326EA793040F2
Time:	05:42:23
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x280000
Modulesize:	499712
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
One or more processes crash	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

enlargkiw.sbs

https://vennurviot.sbs/

unknown

allocatinow.sbs

sippymroat.cfd

drawwyobstacw.sbs

https://sippymroat.cfd/api

188.114.97.3

mathcucom.sbs

https://steamcommunity.com/profiles/76561199724331900

104.102.49.254

https://vennurviot.sbs/api/4

unknown

https://vennurviot.sbs/api

172.67.140.193

https://steamcommunity.com/profiles/76561199724331900/inventory/

unknown

ehticsprocw.sbs

condifendteu.sbs

https://drawwyobstacw.sbs/api

188.114.96.3

https://steamcommunity.com/profiles/76561199724331900Q1

unknown

https://www.cloudflare.com/learning/access-management/phishing-attack/

unknown

https://player.vimeo.com

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp

unknown

https://steamcommunity.com/?subsection=broadcasts

unknown

http://www.activestate.comHolger

unknown

https://sergei-esenin.com/

unknown

https://store.steampowered.com/subscriber_agreement/

unknown

https://www.gstatic.cn/recaptcha/

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6

unknown

http://www.valvesoftware.com/legal.htm

unknown

https://www.youtube.com

unknown

https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

unknown

https://www.google.com

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&

unknown

https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

unknown

http://www.spaceblue.com

unknown

https://steamcommunity.com/a1

unknown

https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi

unknown

https://s.ytimg.com;

unknown

http://www.develop.comDeepak

unknown

https://steam.tv/

unknown

https://ehticsprocw.sbs/pi

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english

unknown

http://www.activestate.com

unknown

http://store.steampowered.com/privacy_agreement/

unknown

https://store.steampowered.com/points/shop/

unknown

https://enlargkiw.sbs/

unknown

https://sketchfab.com

unknown

https://lv.queniujq.cn

unknown

https://www.youtube.com/

unknown

https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg

unknown

https://store.steampowered.com/privacy_agreement/

unknown

http://www.spaceblue.comMathias

unknown

https://www.cloudflare.com/5xx-error-landing

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en

unknown

https://sergei-esenin.com/r

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0

unknown

https://sergei-esenin.com:443/api

unknown

https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a

unknown

https://mathcucom.sbs/

unknown

http://www.lua.org

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am

unknown

https://www.google.com/recaptcha/

unknown

https://checkout.steampowered.com/

unknown

https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english

unknown

https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english

unknown

https://ehticsprocw.sbs/j

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png

unknown

https://avatars.akamai.steamstatic

unknown

https://ehticsprocw.sbs/

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis

unknown

https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC

unknown

https://store.steampowered.com/;

unknown

https://store.steampowered.com/about/

unknown

https://steamcommunity.com/my/wishlist/

unknown

https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english

unknown

http://www.scintilla.org/scite.rng

unknown

https://help.steampowered.com/en/

unknown

https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/

unknown

https://steamcommunity.com/market/

unknown

https://store.steampowered.com/news/

unknown

https://allocatinow.sbs/apisC

unknown

https://community.akamai.steamstatic.com/

unknown

https://allocatinow.sbs/2

unknown

http://store.steampowered.com/subscriber_agreement/

unknown

https://allocatinow.sbs/api

unknown

https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org

unknown

http://www.baanboard.comBrendon

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1

unknown

https://recaptcha.net/recaptcha/;

unknown

https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en

unknown

https://www.smartsharesystems.com/

unknown

http://www.scintilla.org

unknown

https://ehticsprocw.sbs/B

unknown

https://steamcommunity.com/discussions/

unknown

https://store.steampowered.com/stats/

unknown

https://medal.tv

unknown

https://broadcast.st.dl.eccdnx.com

unknown

https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1

unknown

https://store.steampowered.com/steam_refunds/

unknown

http://www.develop.com

unknown

https://resinedyw.sbs/

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

condifendteu.sbs

172.67.141.136

steamcommunity.com

104.102.49.254

sippymroat.cfd

188.114.97.3

vennurviot.sbs

172.67.140.193

drawwyobstacw.sbs

188.114.96.3

mathcucom.sbs

188.114.96.3

sergei-esenin.com

104.21.53.8

ehticsprocw.sbs

104.21.30.221

resinedyw.sbs

104.21.77.78

enlargkiw.sbs

172.67.152.13

allocatinow.sbs

unknown

There are 1 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

104.21.53.8

sergei-esenin.com

United States

Details

IP:	104.21.53.8
TargetID:	0
Current Path:	C:\Users\user\Desktop\Set-up.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	sergei-esenin.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

188.114.97.3

sippymroat.cfd

European Union

Details

IP:	188.114.97.3
TargetID:	0
Current Path:	C:\Users\user\Desktop\Set-up.exe
Country:	European Union
Countrycode:	EU
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	sippymroat.cfd

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

188.114.96.3

drawwyobstacw.sbs

European Union

Details

IP:	188.114.96.3
TargetID:	0
Current Path:	C:\Users\user\Desktop\Set-up.exe
Country:	European Union
Countrycode:	EU
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	drawwyobstacw.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

172.67.152.13

enlargkiw.sbs

United States

Details

IP:	172.67.152.13
TargetID:	0
Current Path:	C:\Users\user\Desktop\Set-up.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	enlargkiw.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.21.30.221

ehticsprocw.sbs

United States

Details

IP:	104.21.30.221
TargetID:	0
Current Path:	C:\Users\user\Desktop\Set-up.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	ehticsprocw.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

172.67.141.136

condifendteu.sbs

United States

Details

IP:	172.67.141.136
TargetID:	0
Current Path:	C:\Users\user\Desktop\Set-up.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	condifendteu.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.102.49.254

steamcommunity.com

United States

Details

IP:	104.102.49.254
TargetID:	0
Current Path:	C:\Users\user\Desktop\Set-up.exe
Country:	United States
Countrycode:	USA
ASN number:	16625
ASN name:	AKAMAI-ASUS
Private:	false
Domain:	steamcommunity.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

172.67.140.193

vennurviot.sbs

United States

Details

IP:	172.67.140.193
TargetID:	0
Current Path:	C:\Users\user\Desktop\Set-up.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	vennurviot.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.21.77.78

resinedyw.sbs

United States

Details

IP:	104.21.77.78
TargetID:	0
Current Path:	C:\Users\user\Desktop\Set-up.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	resinedyw.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking