Windows Analysis Report
https://botnet.app/k4q.exe

Overview

General Information

Sample URL: https://botnet.app/k4q.exe
Analysis ID: 1540475

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Machine Learning detection for dropped file
Detected non-DNS traffic on DNS port
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Yara signature match
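
The four static signatures above (sections with non-standard names, no imported functions, an overlay, and a PE body behind a non-PE extension) can be checked without a sandbox. The script below is an added example written for this page, not Joe Sandbox's code, and it does not know how Joe Sandbox implements these signatures: it walks the PE headers with the standard library only, evaluates the three conditions, and maps them onto the report's signature wording. The list of "standard" section names and the constructed PE32 image produced by build_sample_pe (headers only, no real code) are assumptions made for illustration.

```python
"""Static PE triage that reproduces three of the report's signatures
("PE file contains sections with non-standard names", "PE file does not
import any functions", "PE file overlay found") plus the extension check
behind "Drops files with a non-matching file extension".
Added example, stdlib only; not Joe Sandbox's own implementation."""
import struct

# Assumption: section names emitted by mainstream linkers count as standard.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata",
                     ".rsrc", ".reloc", ".bss", ".tls", ".CRT", ".debug",
                     ".xdata", ".didat"}
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".drv"}


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin at +96 (PE32, 0x10B) or +112 (PE32+, 0x20B);
    # NumberOfRvaAndSizes sits in the 4 bytes just before them.
    dd_off = opt + (96 if magic == 0x10B else 112)
    n_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    # Entry 1 of the data directory is the import table (RVA, size).
    import_rva, import_size = (struct.unpack_from("<II", data, dd_off + 8)
                               if n_dirs > 1 else (0, 0))
    sections, sec = [], opt + size_opt
    for i in range(n_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    return {"sections": sections, "import_rva": import_rva,
            "import_size": import_size, "file_size": len(data)}


def triage(data: bytes) -> dict:
    """Evaluate the three static heuristics on one PE image."""
    pe = parse_pe(data)
    # Overlay = bytes past the end of the last section's raw data.
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in pe["sections"]), default=0)
    return {
        "non_standard_sections": [s["name"] for s in pe["sections"]
                                  if s["name"] not in STANDARD_SECTIONS],
        "no_imports": pe["import_rva"] == 0 or pe["import_size"] == 0,
        "overlay_bytes": max(0, pe["file_size"] - end_of_sections),
    }


def signatures(data: bytes) -> list:
    """Map triage results onto the report's signature wording."""
    r, hits = triage(data), []
    if r["non_standard_sections"]:
        hits.append("PE file contains sections with non-standard names")
    if r["no_imports"]:
        hits.append("PE file does not import any functions")
    if r["overlay_bytes"]:
        hits.append("PE file overlay found")
    return hits


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the bytes are a PE image but the name does not say so,
    e.g. a Chrome 'Unconfirmed NNN.crdownload' partial download."""
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    return data[:2] == b"MZ" and ext not in PE_EXTENSIONS


def build_sample_pe(section_names, import_dir=(0, 0), overlay=b"") -> bytes:
    """Constructed minimal PE32 image (headers plus filler, no real code) so
    the checks above can run offline; not a sample from the report."""
    n, file_align = len(section_names), 0x200
    headers_len = 0x40 + 4 + 20 + 224 + 40 * n
    first_raw = -(-headers_len // file_align) * file_align  # round up to alignment
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, *import_dir)        # import directory entry
    hdrs, body = b"", b""
    for i, name in enumerate(section_names):
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), file_align,
                            0x1000 * (i + 1), file_align, first_raw + i * file_align,
                            0, 0, 0, 0, 0x60000020)
        body += b"\xCC" * file_align
    image = (dos + b"PE\0\0" + coff + bytes(opt) + hdrs).ljust(first_raw, b"\0")
    return image + body + overlay


if __name__ == "__main__":
    sample = build_sample_pe([".text", "packed0"], overlay=b"A" * 100)
    print(triage(sample), signatures(sample))
    print(extension_mismatch("Unconfirmed 744513.crdownload", sample))
```

Run it against a real file by replacing the constructed image with `open(path, "rb").read()`. None of the three conditions is proof of malice on its own: installers routinely carry an overlay, and a binary that resolves its API through the export table at runtime has an empty import directory, which is exactly why the report scores this at 52 rather than treating the static hits as conclusive.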

Classification

AV Detection

Source: /opt/package/joesandbox/database/analysis/1540475/temp/droppedscan/chromecache_107 Joe Sandbox ML: detected
Source: C:\Users\user\Downloads\Unconfirmed 744513.crdownload Joe Sandbox ML: detected
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:64171 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.67:443 -> 192.168.2.4:64172 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.4:64169 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27 (repeated 19 times)
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200 (repeated 14 times)
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.221.240 (repeated 2 times)
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1 (repeated 5 times)
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200 (repeated a further 9 times)
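
Two of the heuristics behind the lines above can be reconstructed from the flow list: a TCP connection to an IP that no earlier DNS answer returned, and traffic on port 53 whose payload is not a DNS message. The script below is an added example, not Joe Sandbox's implementation, run over constructed events that reuse the report's addresses (the DNS answer for botnet.app is invented, and 203.0.113.10 is a documentation address standing in for it). It also shows why the resolver 1.1.1.1 itself turns up in the list: the resolver is never the result of a lookup, so the heuristic needs an allowlist for it and for any hard-coded OS telemetry or CDN addresses, or it reports noise alongside the real finding.

```python
"""Reproduce two of the report's network heuristics over constructed flow
records: "TCP traffic detected without corresponding DNS query" and
"Detected non-DNS traffic on DNS port". Added example, stdlib only; not
Joe Sandbox's own implementation."""
import struct
from collections import Counter


def dns_query(qname: str, over_tcp: bool, txid: int = 0x1234) -> bytes:
    """Minimal A query (constructed test input); TCP adds the 2-byte length prefix."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\0"
    msg = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + struct.pack(">HH", 1, 1)
    return struct.pack(">H", len(msg)) + msg if over_tcp else msg


def looks_like_dns(payload: bytes, over_tcp: bool) -> bool:
    """Cheap plausibility check: RFC 1035 length framing (TCP only), a full
    12-byte header, a defined OPCODE and at least one question."""
    if over_tcp:
        if len(payload) < 2 or struct.unpack_from(">H", payload)[0] != len(payload) - 2:
            return False
        payload = payload[2:]
    if len(payload) < 12:
        return False
    flags, qdcount = struct.unpack_from(">HH", payload, 2)
    return ((flags >> 11) & 0xF) in (0, 1, 2, 4, 5) and qdcount >= 1


def analyze(events, allowlist=frozenset()):
    """events, in capture order: ("dns", qname, [answer_ip, ...]) for DNS answers
    and ("flow", proto, dst_ip, dst_port, first_payload) for connections.
    Returns per-destination counts (the report prints one line per connection)
    and the port-53 flows whose payload is not DNS."""
    resolved, no_query, non_dns_on_53 = set(), Counter(), []
    for ev in events:
        if ev[0] == "dns":
            resolved.update(ev[2])
            continue
        _, proto, dst, port, payload = ev
        if proto == "tcp" and dst not in resolved and dst not in allowlist:
            no_query[dst] += 1
        if port == 53 and not looks_like_dns(payload, proto == "tcp"):
            non_dns_on_53.append((proto, dst, port))
    return {"no_dns_query": no_query, "non_dns_on_dns_port": non_dns_on_53}


# Constructed events echoing the report's addresses; 203.0.113.10 (RFC 5737
# documentation range) stands in for whatever botnet.app resolved to.
EVENTS = [
    ("dns", "botnet.app", ["203.0.113.10"]),
    ("flow", "tcp", "203.0.113.10", 443, b"\x16\x03\x01"),   # resolved first: quiet
    ("flow", "tcp", "184.28.90.27", 443, b"\x16\x03\x01"),   # TLS to an unresolved IP
    ("flow", "tcp", "184.28.90.27", 443, b"\x16\x03\x01"),
    ("flow", "tcp", "1.1.1.1", 53, dns_query("slscr.update.microsoft.com", True)),
    ("flow", "tcp", "1.1.1.1", 53, b"GET / HTTP/1.1\r\n"),   # not DNS on port 53
    ("flow", "udp", "1.1.1.1", 53, dns_query("fs.microsoft.com", False)),
]

if __name__ == "__main__":
    findings = analyze(EVENTS)
    for ip, n in findings["no_dns_query"].items():
        print(f"TCP traffic detected without corresponding DNS query: {ip} (x{n})")
    print("non-DNS traffic on DNS port:", findings["non_dns_on_dns_port"])
    # The resolver itself is never "resolved": allowlist it to cut that noise.
    print(analyze(EVENTS, allowlist={"1.1.1.1"})["no_dns_query"])
```

Feeding it real data means extracting DNS answers and the first payload bytes of each flow from the pcap; the ordering matters, since a connection that precedes its own DNS answer in the capture is flagged just as if the lookup never happened.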
Source: global traffic HTTP traffic detected:
  GET /k4q.exe HTTP/1.1
  Host: botnet.app
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic HTTP traffic detected:
  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=X2U3dml66nC6s34&MD=EG5VrksU HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected:
  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=X2U3dml66nC6s34&MD=EG5VrksU HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: 119 GET requests to otelrules.azureedge.net, each sent with the same headers:
  Connection: Keep-Alive
  Accept-Encoding: gzip
  User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
  Host: otelrules.azureedge.net
  Requested paths (GET <path> HTTP/1.1), in order:
  /rules/other-Win32-v19.bundle
  /rules/rule224902v2s19.xml
  /rules/rule120402v21s19.xml
  /rules/rule120609v0s19.xml
  /rules/rule120608v0s19.xml
  /rules/rule120600v4s19.xml
  /rules/rule120612v0s19.xml
  /rules/rule120613v0s19.xml
  /rules/rule120611v0s19.xml
  /rules/rule120610v0s19.xml
  /rules/rule120614v0s19.xml
  /rules/rule120617v0s19.xml
  /rules/rule120616v0s19.xml
  /rules/rule120619v0s19.xml
  /rules/rule120618v0s19.xml
  /rules/rule120620v0s19.xml
  /rules/rule120621v0s19.xml
  /rules/rule120615v0s19.xml
  /rules/rule120623v0s19.xml
  /rules/rule120622v0s19.xml
  /rules/rule120625v0s19.xml
  /rules/rule120624v0s19.xml
  /rules/rule120626v0s19.xml
  /rules/rule120627v0s19.xml
  /rules/rule120628v0s19.xml
  /rules/rule120629v0s19.xml
  /rules/rule120630v0s19.xml
  /rules/rule120631v0s19.xml
  /rules/rule120633v0s19.xml
  /rules/rule120632v0s19.xml
  /rules/rule120634v0s19.xml
  /rules/rule120635v0s19.xml
  /rules/rule120636v0s19.xml
  /rules/rule120638v0s19.xml
  /rules/rule120637v0s19.xml
  /rules/rule120640v0s19.xml
  /rules/rule120641v0s19.xml
  /rules/rule120642v0s19.xml
  /rules/rule120643v0s19.xml
  /rules/rule120644v0s19.xml
  /rules/rule120639v0s19.xml
  /rules/rule120645v0s19.xml
  /rules/rule120646v0s19.xml
  /rules/rule120647v0s19.xml
  /rules/rule120648v0s19.xml
  /rules/rule120649v0s19.xml
  /rules/rule120650v0s19.xml
  /rules/rule120651v0s19.xml
  /rules/rule120652v0s19.xml
  /rules/rule120653v0s19.xml
  /rules/rule120654v0s19.xml
  /rules/rule120655v0s19.xml
  /rules/rule120656v0s19.xml
  /rules/rule120657v0s19.xml
  /rules/rule120658v0s19.xml
  /rules/rule120659v0s19.xml
  /rules/rule120660v0s19.xml
  /rules/rule120661v0s19.xml
  /rules/rule120662v0s19.xml
  /rules/rule120663v0s19.xml
  /rules/rule120664v0s19.xml
  /rules/rule120665v0s19.xml
  /rules/rule120667v0s19.xml
  /rules/rule120666v0s19.xml
  /rules/rule120668v0s19.xml
  /rules/rule120669v0s19.xml
  /rules/rule120670v0s19.xml
  /rules/rule120671v0s19.xml
  /rules/rule120672v0s19.xml
  /rules/rule120673v0s19.xml
  /rules/rule120674v0s19.xml
  /rules/rule120675v0s19.xml
  /rules/rule120676v0s19.xml
  /rules/rule120677v0s19.xml
  /rules/rule120678v0s19.xml
  /rules/rule120679v0s19.xml
  /rules/rule120680v0s19.xml
  /rules/rule120681v0s19.xml
  /rules/rule120682v0s19.xml
  /rules/rule120602v10s19.xml
  /rules/rule120601v3s19.xml
  /rules/rule224901v11s19.xml
  /rules/rule701201v1s19.xml
  /rules/rule701200v1s19.xml
  /rules/rule700201v1s19.xml
  /rules/rule700200v1s19.xml
  /rules/rule702351v1s19.xml
  /rules/rule702350v1s19.xml
  /rules/rule701251v1s19.xml
  /rules/rule701250v1s19.xml
  /rules/rule700051v1s19.xml
  /rules/rule700050v1s19.xml
  /rules/rule702950v1s19.xml
  /rules/rule701151v1s19.xml
  /rules/rule702951v1s19.xml
  /rules/rule701150v1s19.xml
  /rules/rule702201v1s19.xml
  /rules/rule702200v1s19.xml
  /rules/rule700400v2s19.xml
  /rules/rule700401v2s19.xml
  /rules/rule700351v1s19.xml
  /rules/rule700350v1s19.xml
  /rules/rule703901v0s19.xml
  /rules/rule701501v1s19.xml
  /rules/rule703900v0s19.xml
  /rules/rule701500v1s19.xml
  /rules/rule702801v1s19.xml
  /rules/rule703351v0s19.xml
  /rules/rule702800v1s19.xml
  /rules/rule703350v0s19.xml
  /rules/rule703501v0s19.xml
  /rules/rule703500v0s19.xml
  /rules/rule701801v1s19.xml
  /rules/rule701800v1s19.xml
  /rules/rule701051v1s19.xml
  /rules/rule701050v1s19.xml
  /rules/rule702751v1s19.xml
  /rules/rule702301v1s19.xml
  /rules/rule702750v1s19.xml
Source: global traffic HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic DNS traffic detected: DNS query: botnet.app
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 64209 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 64238 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64220
Source: unknown Network traffic detected: HTTP traffic on port 64221 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64187 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64219
Source: unknown Network traffic detected: HTTP traffic on port 64296 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64218
Source: unknown Network traffic detected: HTTP traffic on port 64250 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64273 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64211
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64210
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64213
Source: unknown Network traffic detected: HTTP traffic on port 64193 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64212
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64215
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64214
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64217
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64216
Source: unknown Network traffic detected: HTTP traffic on port 64176 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64285 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64256 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64231
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64230
Source: unknown Network traffic detected: HTTP traffic on port 64204 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64182 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64229
Source: unknown Network traffic detected: HTTP traffic on port 64267 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64291 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64222
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64221
Source: unknown Network traffic detected: HTTP traffic on port 64215 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64224
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64223
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64226
Source: unknown Network traffic detected: HTTP traffic on port 64232 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64225
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64228
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64227
Source: unknown Network traffic detected: HTTP traffic on port 64284 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64240
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64242
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64241
Source: unknown Network traffic detected: HTTP traffic on port 64290 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64203 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64226 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64268 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64245 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64233
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64232
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64235
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64234
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64237
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64236
Source: unknown Network traffic detected: HTTP traffic on port 64199 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64239
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64238
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64251
Source: unknown Network traffic detected: HTTP traffic on port 64237 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64250
Source: unknown Network traffic detected: HTTP traffic on port 64262 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64253
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64252
Source: unknown Network traffic detected: HTTP traffic on port 64279 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64220 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64188 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64251 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64244
Source: unknown Network traffic detected: HTTP traffic on port 64194 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64243
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64246
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64245
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64248
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64247
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64249
Source: unknown Network traffic detected: HTTP traffic on port 64211 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64177 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64234 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64205 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64228 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64183 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64266 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64254 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64289 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64260 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64239 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64277 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64243 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64189 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64200 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64295 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64261 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64255 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64278 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64222 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64294 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64249 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64216 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64178 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64210 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64233 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64283 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64184 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64227 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64208
Source: unknown Network traffic detected: HTTP traffic on port 64272 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64207
Source: unknown Network traffic detected: HTTP traffic on port 64190 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64209
Source: unknown Network traffic detected: HTTP traffic on port 64244 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64200
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64202
Source: unknown Network traffic detected: HTTP traffic on port 64173 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64201
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64204
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64203
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64206
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64205
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64181
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64180
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64183
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64182
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64185
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64184
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64187
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64186
Source: unknown Network traffic detected: HTTP traffic on port 64282 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64201 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64247 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64224 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64178
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64177
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64298
Source: unknown Network traffic detected: HTTP traffic on port 64218 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64179
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64192
Source: unknown Network traffic detected: HTTP traffic on port 64235 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64191
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64194
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64193
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64196
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64198
Source: unknown Network traffic detected: HTTP traffic on port 64264 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64197
Source: unknown Network traffic detected: HTTP traffic on port 64229 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64190
Source: unknown Network traffic detected: HTTP traffic on port 64270 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64189
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64188
Source: unknown Network traffic detected: HTTP traffic on port 64253 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64288 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64179 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64196 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64259 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64265 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64242 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64185 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64191 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64298 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64271 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64199
Source: unknown Network traffic detected: HTTP traffic on port 64172 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64212 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64174 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64180 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64287 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64206 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64223 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64293 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64276 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64248 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64217 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64260
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64262
Source: unknown Network traffic detected: HTTP traffic on port 64263 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64261
Source: unknown Network traffic detected: HTTP traffic on port 64286 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64264
Source: unknown Network traffic detected: HTTP traffic on port 64257 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64263
Source: unknown Network traffic detected: HTTP traffic on port 64240 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64292 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64255
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64254
Source: unknown Network traffic detected: HTTP traffic on port 64231 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64257
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64256
Source: unknown Network traffic detected: HTTP traffic on port 64214 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64259
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64258
Source: unknown Network traffic detected: HTTP traffic on port 64197 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64271
Source: unknown Network traffic detected: HTTP traffic on port 64208 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64270
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64273
Source: unknown Network traffic detected: HTTP traffic on port 64281 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64272
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64275
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64274
Source: unknown Network traffic detected: HTTP traffic on port 64186 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64225 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64219 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64246 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64274 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64266
Source: unknown Network traffic detected: HTTP traffic on port 64171 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64265
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64268
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64267
Source: unknown Network traffic detected: HTTP traffic on port 64192 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64269
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64280
Source: unknown Network traffic detected: HTTP traffic on port 64236 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64175 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64282
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64281
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64284
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64283
Source: unknown Network traffic detected: HTTP traffic on port 64280 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64286
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64285
Source: unknown Network traffic detected: HTTP traffic on port 64181 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64207 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64275 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64277
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64276
Source: unknown Network traffic detected: HTTP traffic on port 64252 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64279
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64278
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64291
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64290
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64172
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64293
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64171
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64292
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64174
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64295
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64173
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64294
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64176
Source: unknown Network traffic detected: HTTP traffic on port 64258 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64297
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64175
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64296
Source: unknown Network traffic detected: HTTP traffic on port 64241 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64202 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64297 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64269 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64288
Source: unknown Network traffic detected: HTTP traffic on port 64230 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64287
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 64289
Source: unknown Network traffic detected: HTTP traffic on port 64213 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 64198 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:64171 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.67:443 -> 192.168.2.4:64172 version: TLS 1.2

System Summary

barindex
Source: sslproxydump.pcap, type: PCAP Matched rule: Multi_Trojan_Bishopsliver_42298c4a Author: unknown
Source: dropped/chromecache_107, type: DROPPED Matched rule: Multi_Trojan_Bishopsliver_42298c4a Author: unknown
Source: dropped/chromecache_107, type: DROPPED Matched rule: Detects Sliver implant cross-platform adversary emulation/red team Author: ditekSHen
Source: C:\Users\user\Downloads\Unconfirmed 744513.crdownload, type: DROPPED Matched rule: Multi_Trojan_Bishopsliver_42298c4a Author: unknown
Source: C:\Users\user\Downloads\Unconfirmed 744513.crdownload, type: DROPPED Matched rule: Detects Sliver implant cross-platform adversary emulation/red team Author: ditekSHen
Source: 18f0d795-3375-4d20-880f-3f371ff87569.tmp.0.dr Static PE information: No import functions for PE file found
Source: 18f0d795-3375-4d20-880f-3f371ff87569.tmp.0.dr Static PE information: Data appended to the last section found
Source: sslproxydump.pcap, type: PCAP Matched rule: Multi_Trojan_Bishopsliver_42298c4a reference_sample = 3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007, os = multi, severity = x86, creation_date = 2021-10-20, scan_context = file, memory, license = Elastic License v2, threat_name = Multi.Trojan.Bishopsliver, fingerprint = 0734b090ea10abedef4d9ed48d45c834dd5cf8e424886a5be98e484f69c5e12a, id = 42298c4a-fcea-4c5a-b213-32db00e4eb5a, last_modified = 2022-01-14
Source: dropped/chromecache_107, type: DROPPED Matched rule: Multi_Trojan_Bishopsliver_42298c4a reference_sample = 3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007, os = multi, severity = x86, creation_date = 2021-10-20, scan_context = file, memory, license = Elastic License v2, threat_name = Multi.Trojan.Bishopsliver, fingerprint = 0734b090ea10abedef4d9ed48d45c834dd5cf8e424886a5be98e484f69c5e12a, id = 42298c4a-fcea-4c5a-b213-32db00e4eb5a, last_modified = 2022-01-14
Source: dropped/chromecache_107, type: DROPPED Matched rule: INDICATOR_TOOL_Sliver author = ditekSHen, description = Detects Sliver implant cross-platform adversary emulation/red team
Source: C:\Users\user\Downloads\Unconfirmed 744513.crdownload, type: DROPPED Matched rule: Multi_Trojan_Bishopsliver_42298c4a reference_sample = 3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007, os = multi, severity = x86, creation_date = 2021-10-20, scan_context = file, memory, license = Elastic License v2, threat_name = Multi.Trojan.Bishopsliver, fingerprint = 0734b090ea10abedef4d9ed48d45c834dd5cf8e424886a5be98e484f69c5e12a, id = 42298c4a-fcea-4c5a-b213-32db00e4eb5a, last_modified = 2022-01-14
Source: C:\Users\user\Downloads\Unconfirmed 744513.crdownload, type: DROPPED Matched rule: INDICATOR_TOOL_Sliver author = ditekSHen, description = Detects Sliver implant cross-platform adversary emulation/red team
Source: classification engine Classification label: mal52.win@23/4@4/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\18f0d795-3375-4d20-880f-3f371ff87569.tmp
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2300,i,11782296733921319634,16497411758730434776,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://botnet.app/k4q.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 --field-trial-handle=2300,i,11782296733921319634,16497411758730434776,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2300,i,11782296733921319634,16497411758730434776,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 --field-trial-handle=2300,i,11782296733921319634,16497411758730434776,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: 18f0d795-3375-4d20-880f-3f371ff87569.tmp.0.dr Static PE information: section name: .symtab
Source: Unconfirmed 744513.crdownload.0.dr Static PE information: section name: .symtab
Source: chromecache_107.2.dr Static PE information: section name: .symtab
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 107
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\18f0d795-3375-4d20-880f-3f371ff87569.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 744513.crdownload
Source: chromecache_107.2.dr, Unconfirmed 744513.crdownload.0.dr Binary or memory string: *dZDg8GOlWha.RqemuDU6
Source: chromecache_107.2.dr, Unconfirmed 744513.crdownload.0.dr Binary or memory string: "*func(dZDg8GOlWha.RqemuDU6, int32)