Windows Analysis Report
Mortgage Calculator and Comparator.xlsx

Overview

General Information

Sample name: Mortgage Calculator and Comparator.xlsx
Analysis ID: 1541255
MD5: c29f73edea517836cce09300b58b8b1c
SHA1: b338d8ebcce01887972df73f060034b9466f55f3
SHA256: f8097b190a9ee64c31755361f50b48ba2093c1bbce93d673f29a1bcd7dc7e06a
Infos:

Detection

Score: 7
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains more sections than normal
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Source: http://www.excelworks.co.uk/ HTTP Parser: No favicon
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49746 version: TLS 1.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_117410516\LICENSE.txt Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll Jump to behavior
Source: unknown HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.5:49927 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49944 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.5:49982 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.5:50013 version: TLS 1.2
Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.8.dr
Source: Binary string: C:\b\s\w\ir\x\w\rc\cdm\protected\out\Release\widevinecdm.dll.pdb source: widevinecdm.dll.8.dr
Source: excel.exe Memory has grown: Private usage: 2MB later: 81MB
Detected non-DNS traffic on DNS port
Source: global traffic TCP traffic: 192.168.2.5:53671 -> 1.1.1.1:53
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 13.107.253.45 13.107.253.45
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49746 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/html; charset=utf-8Content-Length: 5822Connection: keep-aliveKeep-Alive: timeout=15Cache-Control: privateContent-Encoding: gzipVary: Accept-EncodingServer: Microsoft-IIS/10.0X-AspNet-Version: 4.0.30319X-Powered-By: ASP.NETDate: Thu, 24 Oct 2024 14:18:48 GMTData Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 7e e3 e4 f1 ef fa f4 cb 93 37 bf cf cb d3 74 de 2e ca f4 e5 57 4f 9e 9f 9d a4 1f 6d df bd fb dd 7b 27 77 ef 3e 7d f3 34 fd bd bf fd e6 8b e7 e9 ee 78 27 7d 53 67 cb a6 68 8b 6a 99 95 1f a5 1f cd db 76 f5 e8 ee dd ab ab ab f1 d5 bd 71 55 5f dc 7d f3 ea ee 3b c0 d9 c5 8b fa eb 76 eb bd 35 9e b5 b3 8f 8e a8 5b 7c 95 be 5b 94 cb e6 b3 08 9c dd 87 0f 1f ca eb 1f a5 d4 fa c7 1e cf f3 6c 96 16 b3 cf 3e fa 36 fd b2 fb d1 d1 e3 b6 68 cb 1c 5f 9d be 9b e6 65 fa dd aa 7e db a4 cf db 59 ba 9d ca 27 cd aa a6 a6 cd 3c cf db 74 96 37 c5 c5 32 fd 85 e9 4f 3e 39 4e 57 75 75 51 67 8b 45 b1 bc 18 a5 a7 cb 8b 32 5b ce d2 af 7e 2f c2 e9 ae 00 7d 5c 16 cb b7 e9 bc ce cf 3f fb a8 69 af cb bc 19 4f 9b e6 a3 b4 ce 4b f3 01 a0 7e 94 b6 d7 ab fc b3 8f da fc 5d 7b 97 1b dc 05 3e 3f f6 b8 99 d6 c5 aa f5 bf fd e9 ec 32 93 4f 3f 3a 4a d1 e6 c7 ce d7 cb 29 28 92 4e e7 d9 f2 22 3f 29 b3 a6 d9 2a 66 a3 74 8a df 5e 64 8b fc 4e fa 8b b9 e5 8f 15 e7 e9 d6 ac 9a ae 17 f9 b2 1d 5f e4 ed 69 99 e3 d7 27 d7 67 33 7a e3 4e fa bb 7e 96 2e d7 65 69 db ff d8 86 c6 63 0b fe 33 fb db a1 bc f6 4b f8 87 fc 6b b1 2b 96 4d 5e b7 df a6 79 a0 b7 47 29 26 e4 75 5b 13 e5 6c 6f df 28 76 c5 72 99 d7 e0 b6 cf 5c 4f 7d f4 1e df 15 5a 32 29 1f df 05 6b 80 f0 8f 27 d5 ec 3a 05 8f bc a9 56 4f e8 77 f0 19 b5 3e af ea 45 ba c8 db 79 45 5f ad aa 86 26 2e e3 d1 7d f6 d1 f8 ee 47 fc c2 22 6b da bc 7e 99 5d e4 78 e7 f1 ac b8 94 79 f8 ec a3 ac 59 bd c8 db 6f 17 b3 59 be e4 ef 8a e5 6a 6d e6 76 2e 1f a7 4b a2 e2 67 1f fd fe bf ff 4f 9e 9d 7e f7 f5 9b e3 37 a7 02 35 f8 e0 32 2b d7 d4 e8 ee d5 e9 cb a7 57 5f 7d e7 c5 d3 2f ae 5e bc f9 7d 76 bf 78 fa fb fc e0 e9 de 4f 7c f7 78 f1 fb bc fc a9 27 bf cf c9 f1 c5 17 fa f3 34 f8 f9 53 17 0f df 3e bb f8 ce 02 6d 9f 1c 9f 3d 79 fa ee f7 39 f9 f6 c5 ab af 7e ea f7 9e ef 3c 99 7c 71 fa f2 db 2f ae 7e 9f ef ee 5f 64 df fd 89 87 67 8b dd 72 b2 fc ea dd 59 f1 e4 a7 27 9f 3f fb c1 f4 07 3b c5 e4 bb 3f b9 9e fd e4 8b 72 f2 f9 4f fe f4 ec f3 9f 7c 7b f6 d3 f7 cf 26 7b bb e5 cb 93 87 3f 98 7e fe 6c fd b2 f8 a9 f5 ef b3 7c 71 f5 e5 bd ab c5 64 f1 9d 1f 4c 9f 36 07 d3 7b 4f e6 93 e2 c9 ea a7 9e ea fb 6f ce 8a 97 3f fd 6e 7e f6 f9 fc fa a7 be fb fb 3c 3c 2b f6 2f 7f ea f3 9f 5c fc 3e bf f7 4f 36 b3 93 fb 73 6a bf ff 92 de f9 a9 bd af 1e 7e 51 fc d4 7c f2 79 39 9f fe 60 f7 c9 ef b3 78 b8 3b 3b 79 f2 7a b2 37 2b a7 c5 93 33 6a bf 33 f9 fc ab 8b e7 af
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Length: 2065Connection: keep-aliveKeep-Alive: timeout=15Content-Encoding: gzipLast-Modified: Thu, 09 Feb 2017 14:33:46 GMTAccept-Ranges: bytesETag: "38ea485e182d21:0"Vary: Accept-EncodingServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Thu, 24 Oct 2024 14:18:48 GMTData Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 fe c7 bf f7 1f 9c 54 b3 eb f4 17 ff c6 c9 8f 2d b2 fa a2 58 6e b7 d5 ea 51 ba b7 b3 7a 77 e8 3e 9b 54 6d 5b 2d 1e a5 bb e1 c7 65 7e de 3e 4a b3 75 5b 79 1f d6 c5 c5 dc fb 74 52 d5 b3 bc a6 57 57 ef d2 a6 2a 8b 59 5a 5f 4c b6 76 f7 0e 46 fa ff 3b 68 55 16 cb 7c 7b 9e cb ab bb e3 7b f7 f1 61 9b bf 6b b7 b3 b2 b8 58 3e 4a d1 15 3e bb cc eb b6 98 66 a5 f9 9c b0 c5 c7 e7 d5 b2 dd 6e 8a 1f e4 8f d2 87 f7 7f 77 fb c9 79 b6 28 ca eb 47 e9 4f e6 f5 2c 5b 66 a3 f4 b8 2e b2 72 94 7e 3b 2f 2f 73 c0 19 a5 4d b6 6c b6 9b bc 2e ce f1 d6 b4 2a 2b 42 16 28 de df 1d f1 ff 18 bf 49 36 7d 7b 51 57 eb e5 6c db 6b b2 77 ff fe 68 ef fe ce 68 6f ff 3e b7 ba 2a 66 ed 9c 30 d8 01 06 bf e4 37 4e 7e e3 64 3c 25 34 32 1a 5c 0d 12 bb 8f f2 65 ab 1f d8 3f c7 18 22 3e fc b1 55 36 9b 15 cb 0b 25 af 99 0a f3 a9 d2 77 f7 7e f8 31 11 e2 51 da f9 cc 4c 9b 7e 2c 53 61 01 04 13 b2 b7 b7 3b d2 ff 63 28 01 62 53 fa b7 ce 7f 36 51 0b ba 63 28 b7 ef ad fb f1 cd bd 19 42 08 d8 9b e8 f0 1b 27 77 bf 95 be 3c fe fc 34 7d fd e6 f7 79 7e f6 e2 f3 f4 5b d1 e7 2e 8d 61 95 5d e4 df ae 16 f9 09 0d 44 28 46 00 ec a7 af 80 30 3e b4 78 31 ae 86 5c cc b1 c2 c3 3b e3 07 f7 f3 05 7d 48 af 2b 80 d7 55 b9 6e 8b 6a d9 7c 41 ec c4 40 94 db 76 77 0c bb 85 ed 9e e6 c4 78 65 e3 37 7d c0 a2 41 2d b5 ed d3 ea 6a 59 56 d9 ec 26 98 b6 5d 04 e6 c1 c6 96 5f 63 c8 be 0c 3e bc 3f e2 ff d9 a9 e0 4e 8e 27 d5 ba 75 24 f6 30 f1 5b 7d bb a8 a9 3f d7 8c be e1 cf 4f 97 17 19 e9 a9 8b 57 d5 45 5e 7f 0d fc 08 8e 42 3a a1 6f b3 69 7b 42 14 5f 2c 9f 13 33 31 a0 01 0d a5 48 de 0b c8 15 40 70 b8 6c 06 a1 9a 95 60 28 94 e7 f9 45 56 ba 81 9a 76 a2 08 5d b3 b3 05 fd d3 6f e6 e6 9a 39 fd cd f1 e7 37 30 3a 38 7d be cb 20 1c 7d 76 c7 fb 4c 1d f9 e8 4a 35 f9 a4 2a 67 f8 d0 9b d2 9d d1 ce 68 f7 9e 9b d1 f9 5e 07 12 d4 ff d7 04 75 af 0f 6a 6f 03 28 35 58 44 5d ab 45 04 ce 7e 1f ce ee 6d e1 28 e7 e8 67 46 f1 6c 3f e0 8f 05 fc fd 2e f8 9d f1 c3 5b 82 17 2c cd 47 16 fa ee 1e 7f 2e e0 d9 d4 fc 98 35 a6 fc 8d 4f 36 b6 58 f2 7f 4b ba c9 b8 59 64 65 c9 6f 32 12 21 62 dc a6 2c 88 8d 58 48 9e 70 bf dc 58 3f b1 a8 78 e3 5c 8d 17 46 ad f8 96 fc a7 d7 4d 5b 9c 5f bb 56 f9 72 f6 a2 6a 85 27 83 be 0f 44 e0 7c dc 59 1b d0 ff 2c e2 ab 71 9d cf d6 d3 7c 26 38 7d c1 84 61 50 1d 1a c9 bc d0 3b d1 37 9e e7 8d 68 b5 ce 5b db 07 e6 b5 81 17 bf c3 a3 29 f2 59 ec 65 e9 73 f3 e8 15 e6 9b 6a 25 00 7d 2
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=PCUaERDz9kFwZZF&MD=ETnYge3c HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=PCUaERDz9kFwZZF&MD=ETnYge3c HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: www.excelworks.co.ukConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /styles.css HTTP/1.1Host: www.excelworks.co.ukConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://www.excelworks.co.uk/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.excelworks.co.ukConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://www.excelworks.co.uk/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __utma=78228160.630882712.1729779529.1729779529.1729779529.1; __utmc=78228160; __utmz=78228160.1729779529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=78228160.1.10.1729779529
Source: global traffic DNS traffic detected: DNS query: www.excelworks.co.uk
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveKeep-Alive: timeout=15Cache-Control: privateServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Thu, 24 Oct 2024 14:18:50 GMTContent-Encoding: gzipData Raw: 38 31 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b5 58 6b 4f e3 c8 12 fd 7c f9 15 bd 19 31 9f e2 47 1e bc 9c 90 2b 36 80 06 09 e6 a2 81 d9 dd 2b 21 8d 3a 76 27 b6 b0 dd d9 ee 0e 21 1b ed 7f bf a7 ba ed c4 10 60 b5 2b 5d 46 93 c4 4e 55 75 d5 a9 53 0f 67 f8 d3 f9 7f c6 f7 ff bd bd 60 a9 29 72 76 fb fd e7 eb ab 31 6b 79 41 f0 6b 6f 1c 04 e7 f7 e7 ec b7 2f f7 37 d7 ac e3 87 ec ce a8 2c 36 41 70 f1 b5 c5 5a a9 31 f3 28 08 96 cb a5 bf ec f9 52 cd 82 fb 6f c1 33 59 e9 90 5a f5 d1 d3 56 c7 4f 4c d2 1a b1 bd a1 3d e5 b9 c8 4b 7d fa 86 85 ce c9 c9 89 53 74 c2 82 27 a4 64 32 93 8b d1 d5 d5 1d eb 84 70 e3 5c 18 9e e5 22 61 17 4a 49 c5 3c d6 0f fb b8 ed b1 af d2 b0 4b b9 28 93 61 e0 54 a0 ab cd 2a 17 cc ac e6 e2 b4 65 c4 b3 09 62 ad ad f1 9f 3c 8f ed 4d 64 b2 5a 17 5c cd b2 32 0a 07 53 59 1a 4f 67 7f 88 c8 3f 12 85 bb 9c f2 22 cb 57 d1 2f 42 25 bc e4 ed 33 95 f1 bc fd 45 e4 4f c2 64 31 6f 6b 5e 6a 4f 0b 95 4d 07 7f b2 bd 58 26 62 6b 2e 96 b9 54 d1 a7 30 3c 3c 0c 9b c6 3b 7e a7 b6 be 14 d9 2c 35 d1 44 e6 09 e9 fb b1 2c a7 d9 ec 87 96 0b 15 0b 66 cd 35 9c 3a 86 da c6 68 88 3f d2 99 ab c6 91 5b e1 8e df 87 f4 52 aa c4 5b 2a 3e 8f 26 4a f0 47 8f ae 49 69 91 b7 65 5e 7b da 09 e7 cf 2c 04 b6 78 3b 98 3f bb ef fd 69 a6 b4 81 94 fb 50 c9 7a 46 ce a3 4a 66 9a 89 3c d1 c2 ac e7 3c 49 b2 72 16 c1 04 be 72 76 e8 93 3b dd 1e 5c 1d cf f3 dc 86 a9 17 05 40 5f 79 08 17 a9 2c 85 62 af 8d 79 13 69 8c 2c ec 59 2e 3f f6 e8 be 73 2f 17 33 51 26 7e 29 3d f1 3c e7 65 e2 c1 f0 c6 8d 2e f9 40 8e 40 d8 3a 33 a8 13 8c 20 41 93 0e 04 c8 0b 67 64 5d 01 da b3 7f 83 5a 96 74 43 76 8c 57 27 ff a3 e1 04 70 1a b0 3d 0b 75 33 7f 0d ec 81 3c 0e e0 51 9e 95 8f 6d 1e 3d 65 3a 33 22 a9 8f 0a c3 a3 8b cb 4b 47 af a6 01 ab 92 ca 27 a1 d6 c4 54 2f 11 b1 54 dc 64 b2 8c 4a 59 0a 32 99 76 d6 db 63 ba 36 c5 75 70 35 33 2e 61 9a 24 bb 0d c9 8e e5 f3 6b c9 f1 b8 e6 50 da 7b 21 4c cc a9 84 2b 6e 00 b8 da 7e 43 ab ff 42 ab bb a3 45 49 08 01 d5 9f 9f 52 54 32 c2 5a 66 89 49 a3 93 c3 fd da 3c 25 84 6c d7 14 3a 84 46 77 9f b9 b7 81 0d b5 2a c0 96 51 62 b2 88 53 61 d8 cd 5d ab 5d d7 63 a3 fe d8 1e 0a c6 56 1c 41 30 e1 f1 e3 4c 51 33 00 cb ec dd 83 f1 f1 d1 cf 5d eb 0e f1 4e 94 66 5d 23 62 bd e8 ee 0f e6 12 89 22 bc 95 c8 01 fc 93 c5 dc df 61 6b 9b ea 94 0c 6c 09 bc de 9e 17 7d a2 f3 5f 87 6a e9 0b 3e 6d 42 25 64 df 39 70 c7 3a 9b 37 5d 75 39 b1 81 24 b6 15 6a 2f 17 53 53 a1 db 3b d8 1f 4c 73 c9 4d 44 37 2b a0 3d 65 fb 0c 42 a4 6c d4 5a f6 66 a5 76 d8 7b a1 46 2c 84 95 65 94 66 49 22 4a ab 86 36 87 bb 3f f0 5f 03 a3 46 32 7f a4 ae 8d 75 10 51 91 95 5e f3 b2 ea ad 40 d8 b1 a1 ce 74 07 c2 94 6a 2a 31 b8 b5 cd 1c 81 87 54 6e f1 dc e4 ef ec e8 f2 ec 60 30 41 0b 13 aa ee 0f 64 45 cb 3c 4b d8 a7 71 67 7c 79 7e 5e 7f 4f 8d aa f1 65 ff ec 70 7c
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD41570.0.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://ocsp.digicert.com0
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: widevinecdm.dll.8.dr, Google.Widevine.CDM.dll.8.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: sets.json.8.dr String found in binary or memory: https://07c225f3.online
Source: sets.json.8.dr String found in binary or memory: https://24.hu
Source: sets.json.8.dr String found in binary or memory: https://aajtak.in
Source: sets.json.8.dr String found in binary or memory: https://abczdrowie.pl
Source: sets.json.8.dr String found in binary or memory: https://alice.tw
Source: sets.json.8.dr String found in binary or memory: https://ambitionbox.com
Source: sets.json.8.dr String found in binary or memory: https://autobild.de
Source: sets.json.8.dr String found in binary or memory: https://baomoi.com
Source: sets.json.8.dr String found in binary or memory: https://bild.de
Source: sets.json.8.dr String found in binary or memory: https://blackrock.com
Source: sets.json.8.dr String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.8.dr String found in binary or memory: https://bluradio.com
Source: sets.json.8.dr String found in binary or memory: https://bolasport.com
Source: sets.json.8.dr String found in binary or memory: https://bonvivir.com
Source: sets.json.8.dr String found in binary or memory: https://bumbox.com
Source: sets.json.8.dr String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.8.dr String found in binary or memory: https://businesstoday.in
Source: sets.json.8.dr String found in binary or memory: https://cachematrix.com
Source: sets.json.8.dr String found in binary or memory: https://cafemedia.com
Source: sets.json.8.dr String found in binary or memory: https://caracoltv.com
Source: sets.json.8.dr String found in binary or memory: https://carcostadvisor.be
Source: sets.json.8.dr String found in binary or memory: https://carcostadvisor.com
Source: sets.json.8.dr String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.8.dr String found in binary or memory: https://cardsayings.net
Source: sets.json.8.dr String found in binary or memory: https://chatbot.com
Source: sets.json.8.dr String found in binary or memory: https://chennien.com
Source: sets.json.8.dr String found in binary or memory: https://citybibleforum.org
Source: sets.json.8.dr String found in binary or memory: https://clarosports.com
Source: manifest.json2.8.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: sets.json.8.dr String found in binary or memory: https://clmbtech.com
Source: sets.json.8.dr String found in binary or memory: https://closeronline.co.uk
Source: sets.json.8.dr String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.8.dr String found in binary or memory: https://cmxd.com.mx
Source: sets.json.8.dr String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.8.dr String found in binary or memory: https://cognitiveai.ru
Source: sets.json.8.dr String found in binary or memory: https://commentcamarche.com
Source: sets.json.8.dr String found in binary or memory: https://commentcamarche.net
Source: sets.json.8.dr String found in binary or memory: https://computerbild.de
Source: sets.json.8.dr String found in binary or memory: https://content-loader.com
Source: sets.json.8.dr String found in binary or memory: https://cookreactor.com
Source: LICENSE.txt.8.dr String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.8.dr String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: sets.json.8.dr String found in binary or memory: https://cricbuzz.com
Source: sets.json.8.dr String found in binary or memory: https://css-load.com
Source: sets.json.8.dr String found in binary or memory: https://deccoria.pl
Source: sets.json.8.dr String found in binary or memory: https://deere.com
Source: sets.json.8.dr String found in binary or memory: https://desimartini.com
Source: sets.json.8.dr String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.8.dr String found in binary or memory: https://drimer.io
Source: sets.json.8.dr String found in binary or memory: https://drimer.travel
Source: LICENSE.txt.8.dr String found in binary or memory: https://easylist.to/)
Source: sets.json.8.dr String found in binary or memory: https://economictimes.com
Source: sets.json.8.dr String found in binary or memory: https://een.be
Source: sets.json.8.dr String found in binary or memory: https://efront.com
Source: sets.json.8.dr String found in binary or memory: https://eleconomista.net
Source: sets.json.8.dr String found in binary or memory: https://elfinancierocr.com
Source: sets.json.8.dr String found in binary or memory: https://elgrafico.com
Source: sets.json.8.dr String found in binary or memory: https://ella.sv
Source: sets.json.8.dr String found in binary or memory: https://elpais.com.uy
Source: sets.json.8.dr String found in binary or memory: https://elpais.uy
Source: sets.json.8.dr String found in binary or memory: https://etfacademy.it
Source: sets.json.8.dr String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.8.dr String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.8.dr String found in binary or memory: https://fakt.pl
Source: sets.json.8.dr String found in binary or memory: https://finn.no
Source: sets.json.8.dr String found in binary or memory: https://firstlook.biz
Source: sets.json.8.dr String found in binary or memory: https://gallito.com.uy
Source: sets.json.8.dr String found in binary or memory: https://geforcenow.com
Source: sets.json.8.dr String found in binary or memory: https://gettalkdesk.com
Source: LICENSE.txt.8.dr String found in binary or memory: https://github.com/easylist)
Source: sets.json.8.dr String found in binary or memory: https://gliadomain.com
Source: sets.json.8.dr String found in binary or memory: https://gnttv.com
Source: sets.json.8.dr String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.8.dr String found in binary or memory: https://grid.id
Source: sets.json.8.dr String found in binary or memory: https://gridgames.app
Source: sets.json.8.dr String found in binary or memory: https://growthrx.in
Source: sets.json.8.dr String found in binary or memory: https://grupolpg.sv
Source: sets.json.8.dr String found in binary or memory: https://gujaratijagran.com
Source: sets.json.8.dr String found in binary or memory: https://hapara.com
Source: sets.json.8.dr String found in binary or memory: https://hazipatika.com
Source: sets.json.8.dr String found in binary or memory: https://hc1.com
Source: sets.json.8.dr String found in binary or memory: https://hc1.global
Source: sets.json.8.dr String found in binary or memory: https://hc1cas.com
Source: sets.json.8.dr String found in binary or memory: https://hc1cas.global
Source: sets.json.8.dr String found in binary or memory: https://healthshots.com
Source: sets.json.8.dr String found in binary or memory: https://hearty.app
Source: sets.json.8.dr String found in binary or memory: https://hearty.gift
Source: sets.json.8.dr String found in binary or memory: https://hearty.me
Source: sets.json.8.dr String found in binary or memory: https://heartymail.com
Source: sets.json.8.dr String found in binary or memory: https://heatworld.com
Source: sets.json.8.dr String found in binary or memory: https://helpdesk.com
Source: sets.json.8.dr String found in binary or memory: https://hindustantimes.com
Source: sets.json.8.dr String found in binary or memory: https://hj.rs
Source: sets.json.8.dr String found in binary or memory: https://hjck.com
Source: sets.json.8.dr String found in binary or memory: https://html-load.cc
Source: sets.json.8.dr String found in binary or memory: https://html-load.com
Source: sets.json.8.dr String found in binary or memory: https://human-talk.org
Source: sets.json.8.dr String found in binary or memory: https://idbs-cloud.com
Source: sets.json.8.dr String found in binary or memory: https://idbs-dev.com
Source: sets.json.8.dr String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.8.dr String found in binary or memory: https://idbs-staging.com
Source: sets.json.8.dr String found in binary or memory: https://img-load.com
Source: sets.json.8.dr String found in binary or memory: https://indiatimes.com
Source: sets.json.8.dr String found in binary or memory: https://indiatoday.in
Source: sets.json.8.dr String found in binary or memory: https://indiatodayne.in
Source: sets.json.8.dr String found in binary or memory: https://infoedgeindia.com
Source: sets.json.8.dr String found in binary or memory: https://interia.pl
Source: sets.json.8.dr String found in binary or memory: https://intoday.in
Source: sets.json.8.dr String found in binary or memory: https://iolam.it
Source: sets.json.8.dr String found in binary or memory: https://ishares.com
Source: sets.json.8.dr String found in binary or memory: https://jagran.com
Source: sets.json.8.dr String found in binary or memory: https://johndeere.com
Source: sets.json.8.dr String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.8.dr String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.8.dr String found in binary or memory: https://journaldunet.com
Source: sets.json.8.dr String found in binary or memory: https://journaldunet.fr
Source: sets.json.8.dr String found in binary or memory: https://joyreactor.cc
Source: sets.json.8.dr String found in binary or memory: https://joyreactor.com
Source: sets.json.8.dr String found in binary or memory: https://kaksya.in
Source: sets.json.8.dr String found in binary or memory: https://knowledgebase.com
Source: sets.json.8.dr String found in binary or memory: https://kompas.com
Source: sets.json.8.dr String found in binary or memory: https://kompas.tv
Source: sets.json.8.dr String found in binary or memory: https://kompasiana.com
Source: sets.json.8.dr String found in binary or memory: https://lanacion.com.ar
Source: sets.json.8.dr String found in binary or memory: https://landyrev.com
Source: sets.json.8.dr String found in binary or memory: https://landyrev.ru
Source: sets.json.8.dr String found in binary or memory: https://laprensagrafica.com
Source: sets.json.8.dr String found in binary or memory: https://lateja.cr
Source: sets.json.8.dr String found in binary or memory: https://libero.it
Source: sets.json.8.dr String found in binary or memory: https://linternaute.com
Source: sets.json.8.dr String found in binary or memory: https://linternaute.fr
Source: sets.json.8.dr String found in binary or memory: https://livechat.com
Source: sets.json.8.dr String found in binary or memory: https://livechatinc.com
Source: sets.json.8.dr String found in binary or memory: https://livehindustan.com
Source: sets.json.8.dr String found in binary or memory: https://livemint.com
Source: sets.json.8.dr String found in binary or memory: https://max.auto
Source: sets.json.8.dr String found in binary or memory: https://medonet.pl
Source: sets.json.8.dr String found in binary or memory: https://meo.pt
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.cl
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.8.dr String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.8.dr String found in binary or memory: https://mercadolivre.com
Source: sets.json.8.dr String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.8.dr String found in binary or memory: https://mercadopago.cl
Source: sets.json.8.dr String found in binary or memory: https://mercadopago.com
Source: sets.json.8.dr String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.8.dr String found in binary or memory: https://mercadopago.com.br
Source: sets.json.8.dr String found in binary or memory: https://mercadopago.com.co
Source: sets.json.8.dr String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.8.dr String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.8.dr String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.8.dr String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.8.dr String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.8.dr String found in binary or memory: https://mercadoshops.cl
Source: sets.json.8.dr String found in binary or memory: https://mercadoshops.com
Source: sets.json.8.dr String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.8.dr String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.8.dr String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.8.dr String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.8.dr String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.8.dr String found in binary or memory: https://mightytext.net
Source: sets.json.8.dr String found in binary or memory: https://mittanbud.no
Source: sets.json.8.dr String found in binary or memory: https://money.pl
Source: sets.json.8.dr String found in binary or memory: https://motherandbaby.com
Source: sets.json.8.dr String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.8.dr String found in binary or memory: https://nacion.com
Source: sets.json.8.dr String found in binary or memory: https://naukri.com
Source: sets.json.8.dr String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.8.dr String found in binary or memory: https://nien.co
Source: sets.json.8.dr String found in binary or memory: https://nien.com
Source: sets.json.8.dr String found in binary or memory: https://nien.org
Source: sets.json.8.dr String found in binary or memory: https://nlc.hu
Source: sets.json.8.dr String found in binary or memory: https://nosalty.hu
Source: sets.json.8.dr String found in binary or memory: https://noticiascaracol.com
Source: sets.json.8.dr String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.8.dr String found in binary or memory: https://nvidia.com
Source: sets.json.8.dr String found in binary or memory: https://o2.pl
Source: sets.json.8.dr String found in binary or memory: https://ocdn.eu
Source: sets.json.8.dr String found in binary or memory: https://onet.pl
Source: sets.json.8.dr String found in binary or memory: https://ottplay.com
Source: sets.json.8.dr String found in binary or memory: https://p106.net
Source: sets.json.8.dr String found in binary or memory: https://p24.hu
Source: sets.json.8.dr String found in binary or memory: https://paula.com.uy
Source: sets.json.8.dr String found in binary or memory: https://pdmp-apis.no
Source: sets.json.8.dr String found in binary or memory: https://phonandroid.com
Source: sets.json.8.dr String found in binary or memory: https://player.pl
Source: sets.json.8.dr String found in binary or memory: https://plejada.pl
Source: sets.json.8.dr String found in binary or memory: https://poalim.site
Source: sets.json.8.dr String found in binary or memory: https://poalim.xyz
Source: sets.json.8.dr String found in binary or memory: https://pomponik.pl
Source: sets.json.8.dr String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.8.dr String found in binary or memory: https://prisjakt.no
Source: sets.json.8.dr String found in binary or memory: https://pudelek.pl
Source: sets.json.8.dr String found in binary or memory: https://punjabijagran.com
Source: sets.json.8.dr String found in binary or memory: https://radio1.be
Source: sets.json.8.dr String found in binary or memory: https://radio2.be
Source: sets.json.8.dr String found in binary or memory: https://reactor.cc
Source: sets.json.8.dr String found in binary or memory: https://repid.org
Source: sets.json.8.dr String found in binary or memory: https://reshim.org
Source: sets.json.8.dr String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.8.dr String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.8.dr String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.8.dr String found in binary or memory: https://sackrace.ai
Source: sets.json.8.dr String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.8.dr String found in binary or memory: https://salemovefinancial.com
Source: sets.json.8.dr String found in binary or memory: https://salemovetravel.com
Source: sets.json.8.dr String found in binary or memory: https://samayam.com
Source: sets.json.8.dr String found in binary or memory: https://sapo.io
Source: sets.json.8.dr String found in binary or memory: https://sapo.pt
Source: sets.json.8.dr String found in binary or memory: https://shock.co
Source: sets.json.8.dr String found in binary or memory: https://smaker.pl
Source: sets.json.8.dr String found in binary or memory: https://smoney.vn
Source: sets.json.8.dr String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.8.dr String found in binary or memory: https://socket-to-me.vip
Source: sets.json.8.dr String found in binary or memory: https://songshare.com
Source: sets.json.8.dr String found in binary or memory: https://songstats.com
Source: sets.json.8.dr String found in binary or memory: https://sporza.be
Source: sets.json.8.dr String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.8.dr String found in binary or memory: https://startlap.hu
Source: sets.json.8.dr String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.8.dr String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.8.dr String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.8.dr String found in binary or memory: https://stripe.com
Source: sets.json.8.dr String found in binary or memory: https://stripe.network
Source: sets.json.8.dr String found in binary or memory: https://stripecdn.com
Source: sets.json.8.dr String found in binary or memory: https://supereva.it
Source: sets.json.8.dr String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.8.dr String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.8.dr String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.8.dr String found in binary or memory: https://teacherdashboard.com
Source: sets.json.8.dr String found in binary or memory: https://technology-revealed.com
Source: sets.json.8.dr String found in binary or memory: https://terazgotuje.pl
Source: sets.json.8.dr String found in binary or memory: https://text.com
Source: sets.json.8.dr String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.8.dr String found in binary or memory: https://the42.ie
Source: sets.json.8.dr String found in binary or memory: https://thejournal.ie
Source: sets.json.8.dr String found in binary or memory: https://thirdspace.org.au
Source: sets.json.8.dr String found in binary or memory: https://timesinternet.in
Source: sets.json.8.dr String found in binary or memory: https://timesofindia.com
Source: sets.json.8.dr String found in binary or memory: https://tolteck.app
Source: sets.json.8.dr String found in binary or memory: https://tolteck.com
Source: sets.json.8.dr String found in binary or memory: https://top.pl
Source: sets.json.8.dr String found in binary or memory: https://tribunnews.com
Source: sets.json.8.dr String found in binary or memory: https://trytalkdesk.com
Source: sets.json.8.dr String found in binary or memory: https://tucarro.com
Source: sets.json.8.dr String found in binary or memory: https://tucarro.com.co
Source: sets.json.8.dr String found in binary or memory: https://tucarro.com.ve
Source: sets.json.8.dr String found in binary or memory: https://tvid.in
Source: sets.json.8.dr String found in binary or memory: https://tvn.pl
Source: sets.json.8.dr String found in binary or memory: https://tvn24.pl
Source: sets.json.8.dr String found in binary or memory: https://unotv.com
Source: sets.json.8.dr String found in binary or memory: https://victorymedium.com
Source: sets.json.8.dr String found in binary or memory: https://vrt.be
Source: sets.json.8.dr String found in binary or memory: https://vwo.com
Source: sets.json.8.dr String found in binary or memory: https://welt.de
Source: sets.json.8.dr String found in binary or memory: https://wieistmeineip.de
Source: sets.json.8.dr String found in binary or memory: https://wildix.com
Source: sets.json.8.dr String found in binary or memory: https://wildixin.com
Source: sets.json.8.dr String found in binary or memory: https://wingify.com
Source: sets.json.8.dr String found in binary or memory: https://wordle.at
Source: sets.json.8.dr String found in binary or memory: https://wp.pl
Source: sets.json.8.dr String found in binary or memory: https://wpext.pl
Source: sets.json.8.dr String found in binary or memory: https://www.asadcdn.com
Source: sets.json.8.dr String found in binary or memory: https://ya.ru
Source: sets.json.8.dr String found in binary or memory: https://yours.co.uk
Source: sets.json.8.dr String found in binary or memory: https://zalo.me
Source: sets.json.8.dr String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.8.dr String found in binary or memory: https://zingmp3.vn
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53679
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53681
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53680
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53681 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.5:49927 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49944 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.5:49982 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.5:50013 version: TLS 1.2
Creates files inside the system directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_468653211 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_468653211\sets.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_468653211\manifest.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_468653211\LICENSE Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_468653211\_metadata\ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_468653211\_metadata\verified_contents.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_468653211\manifest.fingerprint Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_680166997 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_680166997\Google.Widevine.CDM.dll Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_680166997\manifest.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_680166997\_metadata\ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_680166997\_metadata\verified_contents.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_680166997\manifest.fingerprint Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416\_platform_specific\ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416\_platform_specific\win_x64\ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416\_platform_specific\win_x64\widevinecdm.dll.sig Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416\_platform_specific\win_x64\widevinecdm.dll Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416\LICENSE Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416\manifest.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416\_metadata\ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416\_metadata\verified_contents.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416\manifest.fingerprint Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_117410516 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_117410516\LICENSE.txt Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_117410516\Filtering Rules Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_117410516\manifest.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_117410516\_metadata\ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_117410516\_metadata\verified_contents.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_117410516\manifest.fingerprint Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_806731018 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_806731018\keys.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_806731018\manifest.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_806731018\LICENSE Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_806731018\_metadata\ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_806731018\_metadata\verified_contents.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_806731018\manifest.fingerprint Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_493211379 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_493211379\ssl_error_assistant.pb Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_493211379\manifest.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_493211379\_metadata\ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_493211379\_metadata\verified_contents.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_493211379\manifest.fingerprint Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1293610195 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1293610195\download_file_types.pb Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1293610195\manifest.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1293610195\_metadata\ Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1293610195\_metadata\verified_contents.json Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1293610195\manifest.fingerprint Jump to behavior
Deletes files inside the Windows folder
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\chrome_BITS_3720_169411573 Jump to behavior
PE file contains more sections than normal
Source: Google.Widevine.CDM.dll.8.dr Static PE information: Number of sections : 12 > 10
Source: widevinecdm.dll.8.dr Static PE information: Number of sections : 13 > 10
Source: classification engine Classification label: clean7.winXLSX@33/46@8/8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Users\user\Desktop\~$Mortgage Calculator and Comparator.xlsx Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\{25B010DC-BB47-4B16-BA01-3B6973B00968} - OProcSessId.dat Jump to behavior
Source: Mortgage Calculator and Comparator.xlsx OLE indicator, Workbook stream: true
Source: E9350000.0.dr OLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2016,i,1178374307907939946,2446228775624378766,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.excelworks.co.uk/"
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Mortgage Calculator and Comparator.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2016,i,1178374307907939946,2446228775624378766,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{88d96a0f-f192-11d4-a65f-0040963251e5}\InProcServer32 Jump to behavior
Source: Google Drive.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/sheet4.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/vmlDrawing8.vml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/vmlDrawing7.vml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/drawing4.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/vmlDrawing5.vml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/vmlDrawing6.vml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/drawing5.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet3.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet4.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet5.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/_rels/drawing2.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/_rels/drawing3.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/_rels/drawing4.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/_rels/drawing5.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet11.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet10.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet6.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet7.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet8.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/_rels/sheet9.xml.rels
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/vmlDrawing4.vml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/drawing2.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/vmlDrawing2.vml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/sheet11.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/sheet9.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/sheet5.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/sheet6.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/vmlDrawing3.vml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/sheet10.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/drawings/drawing3.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/sheet8.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/worksheets/sheet7.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp2.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/comments3.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp1.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/comments1.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/comments6.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/printerSettings/printerSettings4.bin
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/printerSettings/printerSettings7.bin
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/comments5.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp4.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp3.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/printerSettings/printerSettings6.bin
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/comments4.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/printerSettings/printerSettings8.bin
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/comments2.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp5.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/printerSettings/printerSettings5.bin
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/printerSettings/printerSettings11.bin
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/printerSettings/printerSettings10.bin
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/comments8.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/printerSettings/printerSettings3.bin
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/printerSettings/printerSettings9.bin
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/comments7.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp6.xml
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE zip file path = xl/calcChain.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/sheet4.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/sheet5.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/sheet6.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/sheet7.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/sheet8.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/sheet10.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/sheet11.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/_rels/sheet6.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/_rels/sheet7.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/drawing2.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/_rels/sheet9.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/_rels/sheet10.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/_rels/sheet11.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/vmlDrawing2.vml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/_rels/drawing2.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/_rels/drawing3.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/drawing3.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/vmlDrawing3.vml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/_rels/drawing4.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/_rels/drawing5.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/vmlDrawing4.vml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/_rels/sheet8.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/drawing4.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/vmlDrawing5.vml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/sheet9.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/vmlDrawing6.vml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/drawing5.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/vmlDrawing7.vml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/drawings/vmlDrawing8.vml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/_rels/sheet3.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/_rels/sheet4.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/worksheets/_rels/sheet5.xml.rels
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp1.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp2.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/comments1.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/printerSettings/printerSettings3.bin
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/comments2.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/printerSettings/printerSettings4.bin
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/comments3.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/printerSettings/printerSettings5.bin
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/comments4.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/printerSettings/printerSettings6.bin
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/printerSettings/printerSettings7.bin
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/comments5.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp5.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp6.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/comments7.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/printerSettings/printerSettings9.bin
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/comments6.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp4.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/comments8.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/printerSettings/printerSettings10.bin
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/printerSettings/printerSettings11.bin
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/printerSettings/printerSettings8.bin
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/calcChain.xml
Source: E9350000.0.dr Initial sample: OLE zip file path = xl/ctrlProps/ctrlProp3.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll Jump to behavior
Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.8.dr
Source: Binary string: C:\b\s\w\ir\x\w\rc\cdm\protected\out\Release\widevinecdm.dll.pdb source: widevinecdm.dll.8.dr
Source: Mortgage Calculator and Comparator.xlsx Initial sample: OLE indicators vbamacros = False
PE file contains sections with non-standard names
Source: Google.Widevine.CDM.dll.8.dr Static PE information: section name: .00cfg
Source: Google.Widevine.CDM.dll.8.dr Static PE information: section name: .gxfg
Source: Google.Widevine.CDM.dll.8.dr Static PE information: section name: .retplne
Source: Google.Widevine.CDM.dll.8.dr Static PE information: section name: .voltbl
Source: Google.Widevine.CDM.dll.8.dr Static PE information: section name: _RDATA
Source: widevinecdm.dll.8.dr Static PE information: section name: .00cfg
Source: widevinecdm.dll.8.dr Static PE information: section name: .gxfg
Source: widevinecdm.dll.8.dr Static PE information: section name: .retplne
Source: widevinecdm.dll.8.dr Static PE information: section name: .rodata
Source: widevinecdm.dll.8.dr Static PE information: section name: _RDATA
Source: widevinecdm.dll.8.dr Static PE information: section name: malloc_h
Drops PE files
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_680166997\Google.Widevine.CDM.dll Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416\_platform_specific\win_x64\widevinecdm.dll Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_680166997\Google.Widevine.CDM.dll Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_1096783416\_platform_specific\win_x64\widevinecdm.dll Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3720_117410516\LICENSE.txt Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 1847 Jump to behavior
Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 8072 Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\splwow64.exe Last function: Thread delayed
Source: C:\Windows\splwow64.exe Last function: Thread delayed
Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000 Jump to behavior
Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000 Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information queried: ProcessInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1541255 Sample: Mortgage Calculator and Com... Startdate: 24/10/2024 Architecture: WINDOWS Score: 7 5 chrome.exe 64 2->5         started        9 EXCEL.EXE 220 84 2->9         started        11 EXCEL.EXE 63 63 2->11         started        13 chrome.exe 2->13         started        dnsIp3 24 192.168.2.13 unknown unknown 5->24 26 192.168.2.23 unknown unknown 5->26 30 2 other IPs or domains 5->30 20 C:\Windows\...behaviorgraphoogle.Widevine.CDM.dll, PE32+ 5->20 dropped 22 C:\Windows\SystemTemp\...\widevinecdm.dll, PE32+ 5->22 dropped 15 chrome.exe 5->15         started        28 s-part-0017.t-0009.fb-t-msedge.net 13.107.253.45, 443, 50013, 50014 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 9->28 18 splwow64.exe 1 9->18         started        file4 process5 dnsIp6 32 www.excelworks.co.uk 217.160.0.56, 50002, 50003, 80 ONEANDONE-ASBrauerstrasse48DE Germany 15->32 34 www.google.com 142.250.184.196, 443, 50011 GOOGLEUS United States 15->34 36 142.250.186.68, 443, 50019, 53679 GOOGLEUS United States 15->36
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.186.68
 unknown United States
15169 GOOGLEUS false
142.250.184.196
 www.google.com United States
15169 GOOGLEUS false
217.160.0.56
 www.excelworks.co.uk Germany
8560 ONEANDONE-ASBrauerstrasse48DE false
13.107.253.45
 s-part-0017.t-0009.fb-t-msedge.net United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
239.255.255.250
 unknown Reserved
unknown unknown false

Private

IP
192.168.2.5
192.168.2.23
192.168.2.13

Contacted Domains

Name IP Active
s-part-0044.t-0009.fb-t-msedge.net 13.107.253.72 true
s-part-0017.t-0009.fb-t-msedge.net 13.107.253.45 true
s-part-0017.t-0009.t-msedge.net 13.107.246.45 true
www.google.com 142.250.184.196 true
www.excelworks.co.uk 217.160.0.56 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://www.excelworks.co.uk/favicon.ico false
    		unknown
    http://www.excelworks.co.uk/ false
      		unknown