Windows Analysis Report
setup.msi

Overview

General Information

Sample name: setup.msi
Analysis ID: 1541162
MD5: d76a468a9012e63f24b706c3517c877e
SHA1: 1aa6752889be7d67dd3f152980ea04c063e04ad0
SHA256: bdd01ab5e2001be0ccda94e6f70c2ac850a8652b1eba734f285f24dd0f810255
Tags: msi, user-N3utralZ0ne

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Performs DNS queries to domains with low reputation
Tries to resolve many domain names, but no domain seems valid
Checks for available system drives (often done to infect USB drives)
Connects to many different domains
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Executes massive DNS lookups (> 100)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious MsiExec Embedding Parent
Uses a known web browser user agent for HTTP communication
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.4% probability
Source: unknown HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49784 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.5:49785 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49794 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:56185 version: TLS 1.2
Source: Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: setup.msi, 4f9ae8.msi.1.dr, MSI9BF1.tmp.1.dr
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\

Networking

Source: unknown DNS traffic detected: query: iqmeccigieosgmwq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ecsamoyaimquqwow.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wmgeoqqiwqcmimwu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ceeomiecgymecgau.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: goicqsmskkygkkka.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ymygkkggyigeqcqe.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: mgeycqkiwggsymyc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qiswcssocuqsaqkq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qwcaikouwwekssco.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gakowseyscmeqkya.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: esiaisyasoaoqwki.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oyogquqkmyqwwkuq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: giuccqyqokookyue.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: skyqsyyymyacyayc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qceawaaswmsuekmu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ukeoemaaimqyuais.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eyoaceoookqskqmy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oyekqyccewougasu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qusmiuqmmgqsgeci.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ukicsmiwggcwksam.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: iyaqqeamygmakcgo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qucyaygweeasqeoy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: guimuaoiecmouigq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ygooiessycewaocg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: igaiseoqksuoukqg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: miigookwguakmkeu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: mssaogwocegysoow.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oywgqkusocouysua.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: quoqoooiamqkkosc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ekcwemuekgqsimae.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: msyecoiqeyqeiquy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ygesoycecmkuwayg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: omgcoecwsqiuqyug.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ggicikyqcaiyguee.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: owaaygsacguucaye.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ekiwqiyewuiqoemo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oqoaumkywacmuwwm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: mgseamqmgkqcuewy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: iyaikmkkowcqemsi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wgqyouayikuyuqmk.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: yessywkwcwmyewqe.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ewueyekksqksycww.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wikiagqsmeeaeegy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: sgsasqgwayeckgoy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qqioykeogcwkowgq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: giqukkwwcwgqcisg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ucwesqiquqggymqe.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ywyawywiuyecuiuu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: masegmsiqgamiugm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gaoweoyqcuuykwgu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: iygukwyuqwiuoqmi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kqoceoymymoicqky.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: isaeicumkcuwqmqq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: smckcsaioceiyasu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: yyemsyoimicqmais.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: iaueigwgocakgsku.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eqakguiwiqacqiwg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ikwyooieywakeqog.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wsaekoiomeagsaes.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cyqaqqcqamemsiog.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wockoyekyageakcg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: isceiesauogasmoo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ukaiiiyqoooycyqm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gcwequgwyimwymsa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ssmkyomikukusksu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eqgwaamacqweiwie.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: akuyqkmomwqyiyow.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: iagisciiyoemgwaa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: mgiwaegaqyyaakwy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: iqcqqquiwomgsmma.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: sauygqecsusickcu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eqyyguuwsyqaqgsq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: osyqameakgkceeog.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: owoksuegymmgesys.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: maiyuocqqiqiiskw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wucwykasawokemaw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ceoqyeiycqkumwao.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qgkmsekougssaawq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: suagiqkqmkgysmiw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aoosomigeaiewqom.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ykqocceawkwoagmc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wiaiwegmqcmwcouw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: coayaokeissieqcc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aweqoooqomueeiwi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qimmkmaumumswocw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: smwywssyyaciqkae.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: muwqwgaaymomgwmi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uokqeaieowiogsgc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cyswykkcmggyiqwo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: imigkomgmqgmakqk.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: omasqkwqyskcagwi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: auuisqaykqgeesae.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eyiyueewuaqmmwcm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cseksqccmgaieyic.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: myisokqwsmqeusuy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: mocikyoeikocwkuc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wueossewygqoakoq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oqouwceoowyiwgag.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ewacuagosgqmuocm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ywegqamoegumacgi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: acqaagqgmsmeouce.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: koioiiwouukqousy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ekgqymkkqiwogqsy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ewywcoeukaoaegci.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kcyoeiykekuqkkmg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oewuwcsmaacckewa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kigcewceemkckeow.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ymmcwogyimsuqmcc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gwcyyawigmwceaqi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kkwkgmcoawgaoiwg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: sgigamoeiwksoecq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: acemcwecgiqcukys.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wmqcgwcegsomeqas.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: awyomscgweuqmgaw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cogsyycsuwoysugi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: yqocoeikiyacyuck.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cykgmsqcgysgaioo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aikmouciiqgecoqi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qcwcgegyyieaoqca.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ekqyosgcumkcecmo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qqmicqemgcgieoau.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wgswkwaesqqwkoaa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: yqqsggacauiiugka.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qcyksokwumicscaa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: isukyiwyscosaaqc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eigkgwkyuqssgamw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uowowiqiyeiuwmcc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eswweuycwwiiykwo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uyqcacmsiquuwggq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oeegecksewamggaa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ggkyecqguqkkuoso.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uecouukwkuceyuwg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cekggiciueyeyoku.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: quuemeewaqaiiyqc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: immcqsiceooqyaay.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ososokqeakgguwsq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: csiykwakekqoqaym.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qckwwsmukogkeuge.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: goguooqkgysueime.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: igmqooiwioymwkcm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wuuiumemmigyyauq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kwaywmaequkqccai.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: iyuaqococuqcsgii.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: yqysoaosqewciiww.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: mmiowgeswucumqae.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: acgcaiyykiigugms.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: iaawaweqwceogamg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wiywykakusaygisc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gwoyamckoqoaauoq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kqmsgskwgemyueya.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gaisoawuoicqsumy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: smisyqewaummmwoc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: yquocucuqoywwcsu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qumssmeysccykkyo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gmcqgmkyguwkskyg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kcsqwmkusesaccwa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ecmckkeyoskcigeu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uceaygkekiassamu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: smaaowemwiwggocu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aueiqscgeicewaoo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: yyusosuyycoeikgo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: quyckaioggawuois.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: mmisquwegymayaee.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ieuaeqceycqyqygk.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cyyyokugycioysok.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gmooqswyuuqaiomi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: osaeyoiqoqawauga.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: mmiugosumuqmuqoc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ymqaaskiwomkucuy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eqmeimmouegoasay.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oqacqgmiaaewmmey.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ykeaoyaycoiamqey.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ymseciekayuweoww.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aiyksmkyqgyaemiw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qwywqgsmgaoiwsga.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: okgeqaswygsgykme.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: acwomuuukiomgqkm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gacgceaygaecuguy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qiyggmguowygeooc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: suwkomiqcykeyako.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: keckssemmeoqieqe.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wuokiysmiucoucak.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ggqgwuaseamkyywa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ommwaqgaemsmcqwc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uyqweoyukcewugsu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: iyawyckqggkwsyoq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gusmkkaiomeeqaiy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ykocagogmeiwmymy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: iygsiugeeogoeiyi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: awgyuqqswicwkqcs.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: esyiocqieemagwmo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uwoyyqgiwowysqou.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: okoguckagygoqqgk.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qqqkagyoymmosuyo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: keosqeosukqcooco.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gcmiymmqgwuquokm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uygmgoymcwcgkios.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qciqgoeogwwmwkcw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: muiccguyaeaqwweg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: waeqkmeeasauygum.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: waqcciyigkuoygqy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: keykoekseemyiewq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wgcaouuqqqwucogy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qiuswcgwaqgemwcg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: semyssioekmosauo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kqsamcsauqiagmma.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oqummowmqwcgsegm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ymuiggyusggsymoi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eqkkkcuwkiqiecac.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uyygagweoagcuqky.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: imuscegymggagewg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: miacggmycyqikoyq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aiiqyyikowqaygwy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: imgeoyougkmmeuec.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: igywsgwooemqiuss.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cyqqgacqkowwkqqe.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: immyecuqwkiyscys.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eiqqequeskcqiqmw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: myymasomksgeawqw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kqueagsoikuyocca.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aoscugususamokuy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qoowyoueaaaccgqs.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: mumuqocoisaucwmq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wiccyamsgmuqoeoy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: waqmyueimmyiuawq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cycscsqyqkeaykgc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: mayykkuyeuiggyws.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qcwcksiayqqmwssm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ukyokaigmmkumgoa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: momoqikcaksewaua.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ikoqkscwsowwukmi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wiguisuayimaukgu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cykgucwkesokooyw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ekacwgokqcscqysi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ecmyomcaicqysoqw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: sasqgsyksiccuuws.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uogksceymossmmqc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aauquiiqeugcwswc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ykomskascimimomo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aksuakswwkiimamq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kwogawueykiiumao.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qigcqiaomwieqwka.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ykaimcgigakggwec.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uccsgcekiwcyucou.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: skssioqkemoiieaa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aoymcmmeqqqgwwca.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qwikoqqgiayyuakq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qcoysaaooaiccqyu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ikwyuqgsegcgcccg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cmqqeimyycgqwsgg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: koaeaguekwcaousw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uykkwkqqemamguwa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: akueuaicusaoieiy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: csmasucykosuwouy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oqoemaogyoikomiy.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: seoomaqwwimwueiw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oqegmuqkgyaywwmc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: esimsqgcwwwmyoqc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: seeogeqwsqmsoaqe.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ikgkgaaqqsmomuim.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kkcqgowgkcoyokcu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ucmioacycscyeouk.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uwwcocucusmeguaw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gwyooeiscmwguqms.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ieqeeiggkuqcomyo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: comuwmkimocayeeu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: yqeugeoquqsokgqk.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: osaymwoggqqycmse.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: awwomgcseeqwkkom.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: csoqiicgaaiyyoom.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cmukociggiqcouio.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aqgmgoqcoqqkguyk.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cymogqmasaiiwmww.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cyyukyomsoiqyyqa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uwimwwicgcscuoku.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: keguuyioweymiaws.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: omgooecquoweeomo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qigismmgwsiseyuu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kuiqsugkqeoscguo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ggeqowwmmmeekigg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: wukaqiusicksuguo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uowgcyqcgaqiumoi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ieikmuieoqqmugwu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qcwaiaiqiwcakawa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aaiouwywwcwuuasm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gceesusqmuockkgw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: equmqmqwuuuioawa.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: qgkgogieieoomkqq.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kuywuskkgqsigqqs.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aosywgkogcissggi.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kimakioiwmawksiw.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ukekykoqskumoikg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: myoyccuwcyaygceg.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: iacisiamimiiqyeo.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: gcikuiqswcgsscog.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ymsaymyugccysmow.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: awasockiaymagmci.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: yyimcoiwgckeakcm.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: oqsakkimkesccikc.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eqmycgagykgkqwsu.xyz replaycode: Name error (3)
Source: unknown DNS traffic detected: query: uwgicagyykoommga.xyz replaycode: Name error (3)
Source: unknown Network traffic detected: DNS query count 9650
Source: global traffic TCP traffic: 192.168.2.5:51602 -> 1.1.1.1:53
Source: global traffic DNS traffic detected: number of DNS queries: 9650
Source: Joe Sandbox View IP Address: 20.25.227.174 20.25.227.174
Source: Joe Sandbox View IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View IP Address: 172.64.41.3 172.64.41.3
Source: Joe Sandbox View IP Address: 13.107.246.57 13.107.246.57
Source: Joe Sandbox View ASN Name: GLESYS-ASSE GLESYS-ASSE
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: global traffic HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global traffic HTTP traffic detected: POST /ppsecure/deviceaddcredential.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 7642Host: login.live.com
Source: global traffic HTTP traffic detected: POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 746Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5Ijoib0xRbzJSNm5JbFcyN0dlcm5BNEhTUT09IiwgImhhc2giOiI3UnZ3b3I0Tyt4cz0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "636976985063396749.rel.v2"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1730377764&P2=404&P3=2&P4=BhynJaonj5B6%2fy2xjoecCMSr04rgIsrqM%2fiTbVToRVtUhf%2bhaFVIIDK0X0It4PoRcanpU2c15i0U66uS5o4ASw%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: a50w/oBTBrB+E1eW6SnOGnSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: POST /api/browser/edge/data/settings/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 718Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoianJOSlNGYWxKOHY4MC9iNXUzeG9rZz09IiwgImhhc2giOiJhVUpUS0lxRzllaz0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "2.0-0"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
Source: global traffic HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
Source: global traffic HTTP traffic detected: OPTIONS /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveOrigin: https://business.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: POST /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveContent-Length: 476Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.253.45
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=82kz6f5GUMhaK1z&MD=WzodfhpS HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=82kz6f5GUMhaK1z&MD=WzodfhpS HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /api/client_hello HTTP/1.1 Accept: */* Connection: close Host: ygiqycocskiqysoa.xyz:443 User-Agent: cpp-httplib/0.12.1
Source: 000003.log4.15.dr, uu_host_config.15.dr String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log4.15.dr, uu_host_config.15.dr String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log4.15.dr, uu_host_config.15.dr String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: www.docusign.com
Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: ygiqycocskiqysoa.xyz
Source: unknown HTTP traffic detected:
  POST /RST2.srf HTTP/1.0
  Connection: Keep-Alive
  Content-Type: application/soap+xml
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
  Content-Length: 3592
  Host: login.live.com
Source: Reporting and NEL.16.dr String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.15.dr String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.15.dr String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.15.dr String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.15.dr String found in binary or memory: https://chromewebstore.google.com/
Source: 37dd7b55-80b1-4cbf-9779-3fbcf90e6cb9.tmp.16.dr, 95bb2ac2-5b86-4f21-b08e-63b020cb373b.tmp.16.dr, abb8c802-0d88-425c-8f94-6e1435bed519.tmp.16.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json0.15.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: abb8c802-0d88-425c-8f94-6e1435bed519.tmp.16.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.15.dr String found in binary or memory: https://docs.google.com/
Source: manifest.json0.15.dr String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.15.dr String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.15.dr String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.15.dr String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.15.dr String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.15.dr String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.15.dr String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.15.dr String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.15.dr String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.15.dr String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.15.dr String found in binary or memory: https://drive.google.com/
Source: Web Data.15.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.15.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.15.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 37dd7b55-80b1-4cbf-9779-3fbcf90e6cb9.tmp.16.dr, 95bb2ac2-5b86-4f21-b08e-63b020cb373b.tmp.16.dr String found in binary or memory: https://edgeassetservice.azureedge.net
Source: 000003.log4.15.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?assetgroup=Addre
Source: 000003.log4.15.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log4.15.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log4.15.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log3.15.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 000003.log4.15.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 000003.log4.15.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.15.dr String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.15.dr String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.15.dr String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: Session_13374246561513597.15.dr String found in binary or memory: https://www.docusign.com
Source: 000003.log7.15.dr String found in binary or memory: https://www.docusign.com/
Source: Favicons.15.dr String found in binary or memory: https://www.docusign.com/favicon.ico
Source: History.15.dr String found in binary or memory: https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf
Source: History.15.dr String found in binary or memory: https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf/
Source: cmd.exe, 00000009.00000002.2282871581.00000000029B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf;g
Source: cmd.exe, 00000009.00000002.2282871581.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2282509135.00000000005A0000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.2282509135.00000000005A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdfC:
Source: Session_13374246561513597.15.dr String found in binary or memory: https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdfd
Source: cmd.exe, 00000009.00000002.2282741758.0000000002890000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdfindows
Source: cmd.exe, 00000009.00000002.2282871581.00000000029BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdfq
Source: cmd.exe, 00000009.00000002.2282871581.00000000029BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdfyg
Source: content.js.15.dr, content_new.js.15.dr String found in binary or memory: https://www.google.com/chrome
Source: Web Data.15.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 37dd7b55-80b1-4cbf-9779-3fbcf90e6cb9.tmp.16.dr, 95bb2ac2-5b86-4f21-b08e-63b020cb373b.tmp.16.dr String found in binary or memory: https://www.googleapis.com
Source: unknown Network traffic detected: HTTP traffic on port 57182 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59497
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59496
Source: unknown Network traffic detected: HTTP traffic on port 59510 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59495 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62627 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51024 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56418 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51029
Source: unknown Network traffic detected: HTTP traffic on port 62624 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51023
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51024
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51022
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51027
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51025
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51026
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51030
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51031
Source: unknown Network traffic detected: HTTP traffic on port 58735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63263 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63263
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63262
Source: unknown Network traffic detected: HTTP traffic on port 59522 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51032
Source: unknown Network traffic detected: HTTP traffic on port 56416 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54672
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59511 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63262 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 65331
Source: unknown Network traffic detected: HTTP traffic on port 54672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54676
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54675
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54674
Source: unknown Network traffic detected: HTTP traffic on port 59523 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54673
Source: unknown Network traffic detected: HTTP traffic on port 56417 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54679
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54678
Source: unknown Network traffic detected: HTTP traffic on port 59500 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54677
Source: unknown Network traffic detected: HTTP traffic on port 59499 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63265
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63264
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63267
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63266
Source: unknown Network traffic detected: HTTP traffic on port 56187 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62623 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57181 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56415 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56190 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57180 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59512 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62625 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54984
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54983
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54988
Source: unknown Network traffic detected: HTTP traffic on port 59501 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54987
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54986
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54985
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54991
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54990
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50272
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50271
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56186 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50273
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54993
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54992
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 65331 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59524 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56191 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57179 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59513 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59498 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58739
Source: unknown Network traffic detected: HTTP traffic on port 51029 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58732
Source: unknown Network traffic detected: HTTP traffic on port 59502 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58735
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58734
Source: unknown Network traffic detected: HTTP traffic on port 57178 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 61365 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59514 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54984 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49784 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.140:443 -> 192.168.2.5:49785 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49794 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:56185 version: TLS 1.2
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4f9ae8.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{F9C6748C-CCEB-467C-97E9-5668D393FD5A}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9BF1.tmp
Source: classification engine Classification label: mal52.troj.winMSI@67/263@14294/13
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7a0509b1-cb51-41b2-aad1-93b6a8650624.tmp
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5348:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6044:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6460:120:WilError_03
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF96D373F5D81D918F.TMP
Source: C:\Windows\SysWOW64\msiexec.exe File read: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\msiwrapper.ini
Source: C:\Windows\SysWOW64\icacls.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F80F04059A34389A19F284A67FC6C1A0
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Source: C:\Windows\SysWOW64\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
Source: C:\Windows\SysWOW64\expand.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c start msedge https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2040,i,15647764564756783945,3454586451567305123,262144 /prefetch:3
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe "C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe" /VERYSILENT /VERYSILENT
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2792 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7080 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7080 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=7508 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:6
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7092 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7920 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2040,i,15647764564756783945,3454586451567305123,262144 /prefetch:3 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2792 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:3 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7080 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7080 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=7508 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:6 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7920 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7092 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7920 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144 /prefetch:8 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\icacls.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: dpx.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: wdscore.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe File written: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\msiwrapper.ini Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: setup.msi Static file information: File size 2019328 > 1048576
Source: Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: setup.msi, 4f9ae8.msi.1.dr, MSI9BF1.tmp.1.dr
Source: 9f37ff0b24a06043980c7f30b5188b3b.tmp.6.dr Static PE information: section name: .00cfg
Source: 9f37ff0b24a06043980c7f30b5188b3b.tmp.6.dr Static PE information: section name: .voltbl
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_00167410 push eax; mov dword ptr [esp], ecx 14_2_00167413
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_0016BC4D push EBC8440Fh; iretd 14_2_0016BC80
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_0016B093 push EBC8440Fh; iretd 14_2_0016B0A0
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_0015C487 pushfd ; ret 14_2_0015C492
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_0015C504 pushfd ; ret 14_2_0015C492
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_00168133 push EBC8440Fh; iretd 14_2_00168140
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_0016B333 push EBC8440Fh; iretd 14_2_0016B340
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_001683E3 push EBC8440Fh; iretd 14_2_001683F0
Source: 9f37ff0b24a06043980c7f30b5188b3b.tmp.6.dr Static PE information: section name: .text entropy: 7.020203961527579
Source: C:\Windows\SysWOW64\expand.exe File created: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\af349e1bd38449778cfe9266be870cd2$dpx$.tmp\9f37ff0b24a06043980c7f30b5188b3b.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\expand.exe File created: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9BF1.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Thread delayed: delay time: 599991 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Window / User API: threadDelayed 621 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Window / User API: threadDelayed 6567 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Window / User API: threadDelayed 1666 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI9BF1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe API coverage: 8.0 %
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe TID: 6968 Thread sleep count: 165 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe TID: 6968 Thread sleep time: -99000000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe TID: 6968 Thread sleep count: 160 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe TID: 6968 Thread sleep count: 621 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe TID: 6968 Thread sleep time: -599991s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe TID: 6968 Thread sleep count: 6567 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe TID: 6968 Thread sleep count: 1666 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe TID: 6968 Thread sleep count: 140 > 30 Jump to behavior
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Thread delayed: delay time: 599991 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\ Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\ Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\ Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\ Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\ Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\ Jump to behavior
Source: Web Data.15.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Web Data.15.dr Binary or memory string: discord.comVMware20,11696428655f
Source: Web Data.15.dr Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Web Data.15.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: Web Data.15.dr Binary or memory string: global block list test formVMware20,11696428655
Source: Web Data.15.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: Web Data.15.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: Web Data.15.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Web Data.15.dr Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Web Data.15.dr Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: Web Data.15.dr Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Web Data.15.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Web Data.15.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Web Data.15.dr Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: Web Data.15.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: setup.exe, 0000000E.00000002.5153757812.0000000000979000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Web Data.15.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Web Data.15.dr Binary or memory string: outlook.office.comVMware20,11696428655s
Source: Web Data.15.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Web Data.15.dr Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Web Data.15.dr Binary or memory string: AMC password management pageVMware20,11696428655
Source: Web Data.15.dr Binary or memory string: tasks.office.comVMware20,11696428655o
Source: Web Data.15.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Web Data.15.dr Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Web Data.15.dr Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: Web Data.15.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Web Data.15.dr Binary or memory string: dev.azure.comVMware20,11696428655j
Source: Web Data.15.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Web Data.15.dr Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Web Data.15.dr Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: Web Data.15.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: Web Data.15.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_002B685A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 14_2_002B685A
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_002C2636 mov eax, dword ptr fs:[00000030h] 14_2_002C2636
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_002B4048 mov eax, dword ptr fs:[00000030h] 14_2_002B4048
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_002C2605 mov eax, dword ptr fs:[00000030h] 14_2_002C2605
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_002AE83B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 14_2_002AE83B
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_002B685A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 14_2_002B685A
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\." /SETINTEGRITYLEVEL (CI)(OI)HIGH Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c start msedge https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe "C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe" /VERYSILENT /VERYSILENT Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe Code function: 14_2_002AF73A GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 14_2_002AF73A
Source: C:\Windows\SysWOW64\expand.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior