Edit tour

Windows Analysis Report
Launcher 1.0.0.exe

Overview

General Information

Sample name:	Launcher 1.0.0.exe
Analysis ID:	1555397
MD5:	50d9fe99f65bb8af4ca058d23ea8de0c
SHA1:	041d1b6307b0323cfaac612e7dd912a67abe9fad
SHA256:	0afab4b26c198530fcaba9dfa5ee813ea3afc3427cb7cef62e3fb624538bf894
Tags:	exeuser-JaffaCakes118
Infos:

Detection

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

AI detected suspicious sample

Drops large PE files

Maps a DLL or memory area into another process

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Suspicious powershell command line found

Tries to harvest and steal browser information (history, passwords, etc)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Enables security privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Sigma detected: Browser Started with Remote Debugging

Suricata IDS alerts with low severity for network traffic

Too many similar processes found

Uses 32bit PE files

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

Launcher 1.0.0.exe (PID: 7484 cmdline: "C:\Users\user\Desktop\Launcher 1.0.0.exe" MD5: 50D9FE99F65BB8AF4CA058D23EA8DE0C)

Launcher.exe (PID: 7800 cmdline: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe MD5: 76C8F7F191F2F33CC9FE1C2D3FABD39B)

MpCmdRun.exe (PID: 7892 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)

conhost.exe (PID: 7900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 8088 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 8144 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 8176 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 3608 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

Launcher.exe (PID: 4108 cmdline: "C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 76C8F7F191F2F33CC9FE1C2D3FABD39B)

cmd.exe (PID: 2916 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 2140 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

find.exe (PID: 1780 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 3336 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 3288 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

Conhost.exe (PID: 4852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Launcher.exe (PID: 7552 cmdline: "C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2332 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 76C8F7F191F2F33CC9FE1C2D3FABD39B)

cmd.exe (PID: 4852 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 3992 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)

chrome.exe (PID: 6092 cmdline: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2020,i,5269369823406404919,7201687939251577803,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

Conhost.exe (PID: 7624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6036 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 4592 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

msedge.exe (PID: 3428 cmdline: "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1780 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1972,i,15545143472939846321,13225801694400358127,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cmd.exe (PID: 3940 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 2140 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

find.exe (PID: 7380 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

Conhost.exe (PID: 8204 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 8512 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 5324 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 3940 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 8660 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 9300 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 9348 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 9436 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 9484 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

find.exe (PID: 9492 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 9688 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 9744 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 9812 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 9872 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 10028 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 10036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 10076 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 10128 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 10148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 10184 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

find.exe (PID: 10200 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 8228 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 2140 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 5324 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 8560 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)

Conhost.exe (PID: 9476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 9512 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 9436 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 9648 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 7760 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

Conhost.exe (PID: 9524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

find.exe (PID: 9736 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 9696 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 4320 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

Conhost.exe (PID: 7752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 3888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2196 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 2672 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 7892 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 7928 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 7720 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 7880 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

Conhost.exe (PID: 3096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 2484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 3264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 1892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 1168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 4456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 1928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 3396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 1712 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400 --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8468 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9544 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6320 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9560 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6272 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

identity_helper.exe (PID: 9932 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7144 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)

identity_helper.exe (PID: 9976 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7144 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)

cleanup

Sigma Signatures

System Summary

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Source: Threat created

Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\wbem\WMIC.exe, SourceProcessId: 2140, StartAddress: 213032B0, TargetImage: C:\Windows\System32\wbem\WMIC.exe, TargetProcessId: 2140

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe, ParentImage: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe, ParentProcessId: 7800, ParentProcessName: Launcher.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400, ProcessId: 6092, ProcessName: chrome.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4852, ParentProcessName: cmd.exe, ProcessCommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, ProcessId: 3992, ProcessName: powershell.exe

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-13T20:29:24.408183+0100	2022930	1	A Network Trojan was detected	4.175.87.197	443	192.168.2.4	49730	TCP
2024-11-13T20:30:04.135038+0100	2022930	1	A Network Trojan was detected	4.175.87.197	443	192.168.2.4	49826	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.1% probability

Source: Launcher 1.0.0.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\LICENSE.electron.txt			Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\LICENSE.electron.txt			Jump to behavior

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49968 version: TLS 1.2

Source: Launcher 1.0.0.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: elevate.exe.0.dr
Source:	Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: libGLESv2.dll.0.dr

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\resources	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 28MB

Source: Joe Sandbox View	IP Address: 108.181.20.35 108.181.20.35
Source: Joe Sandbox View	IP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49826

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 20.151.152.98
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HCVAPlGT5fLrlfy&MD=y2WMRcoX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=3B0A95F3551264511B6180C5543765B7&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=8684241135348538038&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=80f080d426c44ea0cbcea00c132d696e HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=3B0A95F3551264511B6180C5543765B7; _EDGE_S=F=1&SID=1644D3AB8411612D3060C69D85A66064; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /service/msn/user?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=B62A702D-1013-44F9-9EE4-60FF5F5A6889&ocid=pdp-peregrine&cm=en-us&it=app&user=m-3B0A95F3551264511B6180C5543765B7&scn=APP_ANON&source=market-consolidation HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=3B0A95F3551264511B6180C5543765B7; _EDGE_S=F=1&SID=1644D3AB8411612D3060C69D85A66064; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /staticsb/statics/latest/brand/new-msn-logo-color-white.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=3B0A95F3551264511B6180C5543765B7; _EDGE_S=F=1&SID=1644D3AB8411612D3060C69D85A66064; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=3B0A95F3551264511B6180C5543765B7&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=8684241135348538038&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=87e368a7d1914ed9b4634041aa57a29d HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=3B0A95F3551264511B6180C5543765B7; _EDGE_S=F=1&SID=1644D3AB8411612D3060C69D85A66064; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /staticsb/statics/latest/icons-wc/icons/FeedSettings.svg HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=3B0A95F3551264511B6180C5543765B7; _EDGE_S=F=1&SID=1644D3AB8411612D3060C69D85A66064; _EDGE_V=1; MUIDB=3B0A95F3551264511B6180C5543765B7
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HCVAPlGT5fLrlfy&MD=y2WMRcoX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: chrome.exe, 00000019.00000003.2002038874.00002DA404794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2001766608.00002DA405354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2001919228.00002DA405368000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000019.00000003.2002038874.00002DA404794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2001766608.00002DA405354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2001919228.00002DA405368000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;

Source: global traffic	DNS traffic detected: DNS query: catbox.moe
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: application/json; charset=utf-8Access-Control-Allow-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigrated,DDD-TMPL-Removed,deviceFeatures,Server-Timing,DDD-LocationAssignedAccess-Control-Expose-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigrated,DDD-TMPL-Removed,deviceFeatures,Server-Timing,DDD-LocationAssignedDDD-AuthenticatedWithJwtFlow: FalseDDD-UserType: AnonymousMuidDDD-StrategyExecutionLatency: 00:00:00.0019639,00:00:00.0021733DDD-ActivityId: 571385a5-2ba5-4262-b9bd-5570b175b32dDDD-TMPL-Removed: FalseDDD-DebugId: 571385a5-2ba5-4262-b9bd-5570b175b32d|2024-11-13T19:29:55.1033174Z|fabric_msn|WUS2-A|News_289DDD-Auth-Features: AT:NA;DID:m-3B0A95F3551264511B6180C5543765B7;IT:App;MuidStateOrigin:MuidFromCookieOneWebServiceLatency: 4X-MSEdge-ResponseInfo: 4Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAX-Ceto-ref: 6734fe33063c4b709269db9df205d885|AFD:6734fe33063c4b709269db9df205d885|2024-11-13T19:29:55.086ZX-MSEdge-Ref: Ref A: 046209DC46C04D06A3AE8EE70D67EDE5 Ref B: DFW30EDGE0319 Ref C: 2024-11-13T19:29:55ZExpires: Wed, 13 Nov 2024 19:29:55 GMTDate: Wed, 13 Nov 2024 19:29:55 GMTContent-Length: 88Connection: closeSet-Cookie: _C_ETH=1; expires=Tue, 12 Nov 2024 19:29:55 GMT; domain=.msn.com; path=/; secure; httponlySet-Cookie: _C_Auth=Set-Cookie: MUIDB=3B0A95F3551264511B6180C5543765B7; expires=Mon, 08 Dec 2025 19:29:55 GMT; path=/; httponlySet-Cookie: _EDGE_S=F=1&SID=1644D3AB8411612D3060C69D85A66064; domain=.msn.com; path=/; httponlyAlt-Svc: h3=":443"; ma=86400Akamai-Request-BC: [a=23.47.56.168,b=738217844,c=g,n=US_TX_DALLAS,o=20940],[a=204.79.197.203,c=o]Se

Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/1085
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/1452
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/1452expandIntegerPowExpressionsThe
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/1512
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/1637
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/1936
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/2046
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/2152
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/2152skipVSConstantRegisterZeroIn
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/2162
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/2273
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/2517
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/2894
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/2970
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/2978
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3027
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3045
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3206
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3246
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3246allowClearForRobustResourceInitSome
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3625
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3682
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3682allowES3OnFL100Allow
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3729
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3970
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/3997
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4214
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4267
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4633
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4646
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4722
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/482
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5007
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5007disableDrawBuffersIndexedDisable
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5430
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5469
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5535
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5577
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5658
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5658forceGlErrorCheckingForce
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5750
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5750forceRobustResourceInitForce-enable
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6041
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6041forceInitShaderVariablesForce-enable
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7036
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7036dumpShaderSourceWrite
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7279
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7279cacheCompiledShaderEnable
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7488
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7527
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7724
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7724disableAnisotropicFilteringDisable
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7760
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7760enableShaderSubstitutionCheck
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7761
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://anglebug.com/7761Frontend
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/1094869
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/110263
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/1144207
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/1165751
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/1165751disableProgramBinaryDisable
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/1171371
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/1181068
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/1181193
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/308366
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/403957
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/550292
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/565179
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/642227
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/642605
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/644669
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/650547
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/672380
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/709351
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/797243
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/809422
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/830046
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/849576
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/883276
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/927470
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/941620
Source: libGLESv2.dll.0.dr	String found in binary or memory: http://crbug.com/941620allowTranslateUniformBlockToStructuredBufferThere
Source: elevate.exe.0.dr	String found in binary or memory: http://int3.de/
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000019.00000003.2002359620.00002DA405398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002483364.00002DA4053BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002562718.00002DA40532C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002666314.00002DA40540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002393068.00002DA4053AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: Launcher 1.0.0.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: chrome.exe, 00000019.00000003.2002523036.00002DA405440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002359620.00002DA405398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002483364.00002DA4053BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2006037117.00002DA40555C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002562718.00002DA40532C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002666314.00002DA40540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004994403.00002DA405368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004930724.00002DA405480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004844572.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005846149.00002DA4054F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002393068.00002DA4053AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004884261.00002DA40538C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000019.00000003.2002523036.00002DA405440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002359620.00002DA405398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002483364.00002DA4053BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2006037117.00002DA40555C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002562718.00002DA40532C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002666314.00002DA40540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004994403.00002DA405368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004930724.00002DA405480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004844572.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005846149.00002DA4054F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002393068.00002DA4053AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004884261.00002DA40538C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000019.00000003.2002523036.00002DA405440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002359620.00002DA405398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002483364.00002DA4053BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2006037117.00002DA40555C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002562718.00002DA40532C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002666314.00002DA40540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004994403.00002DA405368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004930724.00002DA405480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004844572.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005846149.00002DA4054F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002393068.00002DA4053AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004884261.00002DA40538C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000019.00000003.2002523036.00002DA405440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002359620.00002DA405398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002483364.00002DA4053BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2006037117.00002DA40555C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002562718.00002DA40532C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002666314.00002DA40540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004994403.00002DA405368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004930724.00002DA405480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004844572.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005846149.00002DA4054F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002393068.00002DA4053AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004884261.00002DA40538C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000019.00000003.2005172648.00002DA404F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1998862411.00002DA404F70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000019.00000003.2005172648.00002DA404F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1998862411.00002DA404F70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000019.00000003.2005172648.00002DA404F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1998862411.00002DA404F70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://alekberg.net/privacy
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://alekberg.net/privacyalekberg.net
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/4674
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/4830
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/4849
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/4966
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/5140
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/5536
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7246
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7382
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7405
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://anglebug.com/7899
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=107106
Source: Web Data.36.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.36.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/%s%s/%s/NetworkResourceLoaderstreamWriteInspectableWebC
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-query
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-queryone.one.one.one1dot1dot1dot1.cloudflare-dns.com1.1.1.11.0
Source: chrome.exe, 00000019.00000003.2001274541.00002DA405098000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: fr.pak.0.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=fr&category=theme81https://myactivity.google.com/myactivity/?u
Source: fr.pak.0.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=frRaccourci
Source: zh-CN.pak.0.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CN
Source: zh-CN.pak.0.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CN&category=theme81https://myactivity.google.com/myactivity
Source: chrome.exe, 00000019.00000003.2013784972.00002DA4050B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1999217828.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1998354932.00002DA405098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2006584616.00002DA404738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2001380515.00002DA4050B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1999261153.00002DA405090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1998258262.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2006663516.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2001274541.00002DA405098000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: chrome.exe, 00000019.00000003.1974259781.00007198006B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000019.00000003.1973396993.0000719800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1973663876.000071980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000019.00000003.1974259781.00007198006B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000019.00000003.1973396993.0000719800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1973663876.000071980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000019.00000003.1974132090.0000719800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000019.00000003.1973396993.0000719800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1973663876.000071980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://chromium.dns.nextdns.io
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://cleanbrowsing.org/privacy
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://cleanbrowsing.org/privacyCleanBrowsing
Source: chrome.exe, 00000019.00000003.1968404656.00005A68002E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1968318956.00005A68002DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/1042393
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/1046462
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/1060012
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/1091824
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/1137851
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/1300575
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/1356053
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/593024
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/593024selectViewInGeometryShaderThe
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/650547
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/650547callClearTwiceUsing
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/655534
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/655534useSystemMemoryForConstantBuffersCopying
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/705865
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/710443
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/811661
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://crbug.com/848952
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://developers.google.com/speed/public-dns/privacy
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://developers.google.com/speed/public-dns/privacyGoogle
Source: Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://dns.google/dns-query
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://dns.quad9.net/dns-query
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://dns.quad9.net/dns-querydns.quad9.netdns9.quad9.net9.9.9.9149.112.112.1122620:fe::fe2620:fe::
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://dns.sb/privacy/
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://dns.sb/privacy/DNS.SBhttps://doh.dns.sb/dns-query
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://dns10.quad9.net/dns-query
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:10
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://dns11.quad9.net/dns-query
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11(
Source: Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://dns64.dns.google/dns-query
Source: Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh-01.spectrum.com/dns-query
Source: Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh-02.spectrum.com/dns-query
Source: Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh.cox.net/dns-query
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh.dns.sb/dns-query
Source: Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh.familyshield.opendns.com/dns-query
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh.opendns.com/dns-query
Source: Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh.quickline.ch/dns-query
Source: Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://doh.xfinity.com/dns-query
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: Web Data.36.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.36.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.36.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 00000019.00000003.1974132090.0000719800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000019.00000003.1973396993.0000719800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1973663876.000071980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000019.00000003.1974132090.0000719800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gj
Source: chrome.exe, 00000019.00000003.1974132090.0000719800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000019.00000003.1973396993.0000719800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1973663876.000071980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000019.00000003.1974132090.0000719800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000019.00000003.1974132090.0000719800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000019.00000003.1974132090.0000719800684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/q
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://issuetracker.google.com/220069903
Source: libGLESv2.dll.0.dr	String found in binary or memory: https://issuetracker.google.com/220069903emulatePixelLocalStorageEmulate
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000019.00000003.1973663876.000071980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000019.00000003.1973396993.0000719800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1973663876.000071980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000019.00000003.1973396993.0000719800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1973663876.000071980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000019.00000003.1973663876.000071980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000019.00000003.2006037117.00002DA40555C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005846149.00002DA4054F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000019.00000003.2006037117.00002DA40555C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005846149.00002DA4054F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000019.00000003.1973396993.0000719800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1973663876.000071980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000019.00000003.1974598429.00007198006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005846149.00002DA4054F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000019.00000003.1973663876.000071980039C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000019.00000003.1980785195.00002DA404A40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000019.00000003.1977888775.00002DA4045C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://myactivity.google.com/
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://nextdns.io/privacy
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://odvr.nic.cz/doh
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1
Source: chrome.exe, 00000019.00000003.1998862411.00002DA404F75000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005172648.00002DA404F7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000019.00000003.2005172648.00002DA404F7A000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997923902.00002DA404DD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000019.00000003.1998862411.00002DA404F75000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005172648.00002DA404F7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000019.00000003.1998862411.00002DA404F75000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005172648.00002DA404F7A000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997923902.00002DA404DD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000019.00000003.1998862411.00002DA404F75000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005172648.00002DA404F7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000019.00000003.1998862411.00002DA404F75000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005172648.00002DA404F7A000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997923902.00002DA404DD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000019.00000003.2005172648.00002DA404F7A000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997923902.00002DA404DD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000019.00000003.1998862411.00002DA404F75000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005172648.00002DA404F7A000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997923902.00002DA404DD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: fr.pak.0.dr	String found in binary or memory: https://passwords.google.comCompte
Source: zh-CN.pak.0.dr	String found in binary or memory: https://passwords.google.comGoogle
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).No
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000019.00000003.2006037117.00002DA40555C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005846149.00002DA4054F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://policies.google.com/
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://public.dns.iij.jp/
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://public.dns.iij.jp/IIJ
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://public.dns.iij.jp/dns-query
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://public.dns.iij.jp/dns-queryIijUShttps://nextdns.io/privacyNextDNShttps://chromium.dns.nextdn
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: zh-CN.pak.0.dr, fr.pak.0.dr	String found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Source: chrome.exe, 00000019.00000003.2001274541.00002DA405098000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: zh-CN.pak.0.dr	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
Source: fr.pak.0.dr	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlG
Source: Web Data.36.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000019.00000003.2005172648.00002DA404F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1998862411.00002DA404F70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://www.nic.cz/odvr/
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://www.nic.cz/odvr/CZ.NIC
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://www.quad9.net/home/privacy/
Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: https://www.quad9.net/home/privacy/Quad9

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49968 version: TLS 1.2

Source: Conhost.exe	Process created: 79
Source: cmd.exe	Process created: 43

System Summary

Drops large PE files

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File dump: Launcher.exe.0.dr 162117120			Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File dump: Launcher.exe0.0.dr 162117120			Jump to dropped file

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe

Process token adjusted: Security

Jump to behavior

Source: Launcher.exe.0.dr	Static PE information: Number of sections : 15 > 10
Source: libEGL.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: Launcher.exe0.0.dr	Static PE information: Number of sections : 15 > 10
Source: vk_swiftshader.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.dr	Static PE information: Number of sections : 11 > 10

Source: Launcher 1.0.0.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal80.troj.spyw.evad.winEXE@542/383@25/16

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe

File created: C:\Users\user\AppData\Roaming\unrealgame

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3760:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9308:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9828:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6008:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:10036:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7404:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9444:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9508:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9276:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8184:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:984:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8280:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9576:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1608:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7088:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7900:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8684:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7752:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8532:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9696:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1868:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7476:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:10148:120:WilError_03

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe

File created: C:\Users\user\AppData\Local\Temp\nsl1AE3.tmp

Jump to behavior

Source: Launcher 1.0.0.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\conhost.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe

File read: C:\Users\user\Desktop\Launcher 1.0.0.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Launcher 1.0.0.exe "C:\Users\user\Desktop\Launcher 1.0.0.exe"
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe "C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe "C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2332 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2020,i,5269369823406404919,7201687939251577803,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1972,i,15545143472939846321,13225801694400358127,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400 --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6320 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6272 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7144 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7144 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wbem\WMIC.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wbem\WMIC.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wbem\WMIC.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\find.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe "C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe "C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2332 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7144 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2020,i,5269369823406404919,7201687939251577803,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1972,i,15545143472939846321,13225801694400358127,262144 /prefetch:3
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: wscapi.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: Launcher 1.0.0.exe

Static file information: File size 77310944 > 1048576

Source: Launcher 1.0.0.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: elevate.exe.0.dr
Source:	Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: libGLESv2.dll.0.dr

Data Obfuscation

Suspicious powershell command line found

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName

Source: ffmpeg.dll.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr	Static PE information: section name: _RDATA
Source: Launcher.exe.0.dr	Static PE information: section name: .00cfg
Source: Launcher.exe.0.dr	Static PE information: section name: .gxfg
Source: Launcher.exe.0.dr	Static PE information: section name: .retplne
Source: Launcher.exe.0.dr	Static PE information: section name: .rodata
Source: Launcher.exe.0.dr	Static PE information: section name: CPADinfo
Source: Launcher.exe.0.dr	Static PE information: section name: LZMADEC
Source: Launcher.exe.0.dr	Static PE information: section name: _RDATA
Source: Launcher.exe.0.dr	Static PE information: section name: malloc_h
Source: libEGL.dll.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr	Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr	Static PE information: section name: .retplne
Source: libEGL.dll.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr	Static PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr	Static PE information: section name: _RDATA
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr	Static PE information: section name: _RDATA
Source: Launcher.exe0.0.dr	Static PE information: section name: .00cfg
Source: Launcher.exe0.0.dr	Static PE information: section name: .gxfg
Source: Launcher.exe0.0.dr	Static PE information: section name: .retplne
Source: Launcher.exe0.0.dr	Static PE information: section name: .rodata
Source: Launcher.exe0.0.dr	Static PE information: section name: CPADinfo
Source: Launcher.exe0.0.dr	Static PE information: section name: LZMADEC
Source: Launcher.exe0.0.dr	Static PE information: section name: _RDATA
Source: Launcher.exe0.0.dr	Static PE information: section name: malloc_h
Source: 925d5ed0-3790-4c88-a2ff-cbb13dffed31.tmp.node.2.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\Launcher.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File created: C:\Users\user\AppData\Local\Temp\7ff349b6-3786-434c-86c1-c005510cad61.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File created: C:\Users\user\AppData\Local\Temp\925d5ed0-3790-4c88-a2ff-cbb13dffed31.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\ffmpeg.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File created: C:\Users\user\AppData\Local\Temp\925d5ed0-3790-4c88-a2ff-cbb13dffed31.tmp.node			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File created: C:\Users\user\AppData\Local\Temp\7ff349b6-3786-434c-86c1-c005510cad61.tmp.node			Jump to dropped file

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\LICENSE.electron.txt			Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\LICENSE.electron.txt			Jump to behavior

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4702
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 691
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3318
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3584
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2687
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 445
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2626
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1262

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7ff349b6-3786-434c-86c1-c005510cad61.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\925d5ed0-3790-4c88-a2ff-cbb13dffed31.tmp.node	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Launcher 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\d3dcompiler_47.dll	Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2596	Thread sleep count: 4702 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2596	Thread sleep count: 691 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 792	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7856	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4564	Thread sleep count: 3318 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9240	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5324	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9920	Thread sleep count: 3584 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 10024	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9964	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9376	Thread sleep count: 2687 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9304	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9364	Thread sleep count: 445 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9356	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8108	Thread sleep count: 2626 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8108	Thread sleep count: 1262 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7956	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8156	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS

Source: C:\Windows\System32\wbem\WMIC.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\Launcher 1.0.0.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\resources	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: libGLESv2.dll.0.dr	Binary or memory string: VMware
Source: WMIC.exe, 00000010.00000003.1940041088.000001745FF9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <CIM><INSTANCE CLASSNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMW-4096MB</VALUE></PROPERTY><PROPERTY NAME="PositionInRow" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="PoweredOn" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Removable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Replaceable" CLASSORIGIN="CIM_PhysicalComponent" PRO
Source: libGLESv2.dll.0.dr	Binary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTestX
Source: WMIC.exe, 00000010.00000003.1942660737.000001745FFB1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $<COMMAND SEQUENCENUM="1" ISSUEDFROM="745773" STARTTIME="11-13-2024T14:29:31" EVERYCOUNT="0"><REQUEST><COMMANDLINE> MemoryChip get /format:list </COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>745773</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\cimv2</NAMESPACE><ROLE>root\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_809</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST><RESULTS NODE="745773"><CIM><INSTANCE CLASSNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALU
Source: WMIC.exe, 00000010.00000003.1940041088.000001745FF9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMW-4096MB</VALUE></PROPERTY><PROPERTY NAME="PositionInRow" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="PoweredOn" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Removable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Replaceable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="SerialNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>00000001</VALUE></PROPERTY><PROPERTY NAME="SKU" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="SMBIOSMemoryType" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>3</VALUE></PROPERTY><PROPERTY NAME="Speed" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Status" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Tag" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Physical Memory 0</VALUE></PROPERTY><PROPERTY NAME="TotalWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="TypeDetail" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint16"><VALUE>128</VALUE></PROPERTY><PROPERTY NAME="Version" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY></INSTANCE>
Source: libGLESv2.dll.0.dr	Binary or memory string: (IsLinux() && isVMWare) \|\| (IsAndroid() && isNvidia) \|\| (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliT8xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliG31OrOlder(functions))
Source: WMIC.exe, 00000010.00000003.1939948856.0000017461F83000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: </VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VW-4096M-
Source: WMIC.exe, 00000010.00000003.1940082226.000001745FFA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <RESULTS NODE="745773"><CIM><INSTANCE CLASSNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMW-4096MB</VALUE></PROPERTY><PROPERTY NAME="PositionInRow" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="PoweredOn" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Removable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Replaceable" CLASSORIGIN="CIM
Source: WMIC.exe, 00000010.00000003.1942592498.000001745FFAC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMW-4096MB</VALUE></PROPERTY><PROPERTY NAME="PositionInRow" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="PoweredOn" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Removable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Replaceable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE
Source: WMIC.exe, 00000010.00000003.1942660737.000001745FFC2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: E="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY>//n
Source: WMIC.exe, 00000010.00000003.1940006995.000001745FFBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TANCE CLASSNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMW-4096MB</VALUE></PROPERTY><PROPERTY NAME="PositionInRow" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="PoweredOn" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Removable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Replaceable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="
Source: WMIC.exe, 00000010.00000003.1942592498.000001745FFAC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $<COMMAND SEQUENCENUM="1" ISSUEDFROM="745773" STARTTIME="11-13-2024T14:29:31" EVERYCOUNT="0"><REQUEST><COMMANDLINE> MemoryChip get /format:list </COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>745773</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\cimv2</NAMESPACE><ROLE>root\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_809</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST><RESULTS NODE="745773"><CIM><INSTANCE CLASSNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALU
Source: WMIC.exe, 00000010.00000003.1940082226.000001745FFA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <RESULTS NODE="745773"><CIM><INSTANCE CLASSNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMW-4096MB</VALUE></PROPERTY><PROPERTY NAME="PositionInRow" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="PoweredOn" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Removable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Replaceable" CLASSORIGIN="CIM
Source: WMIC.exe, 00000010.00000003.1940082226.000001745FFA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $<COMMAND SEQUENCENUM="1" ISSUEDFROM="745773" STARTTIME="11-13-2024T14:29:31" EVERYCOUNT="0"><REQUEST><COMMANDLINE> MemoryChip get /format:list </COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>745773</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\cimv2</NAMESPACE><ROLE>root\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_809</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST><RESULTS NODE="745773"><CIM><INSTANCE CLASSNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALU
Source: WMIC.exe, 00000010.00000003.1942660737.000001745FFC2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PhysicalMemoryPhysical Memory 0Win32_PhysicalMemoryPhysical MemoryPhysical MemoryPhysical MemoryRAM slot #0RAM slot #0VMware Virtual RAM00000001VMW-4096MBC
Source: WMIC.exe, 00000010.00000003.1940063663.000001745FFC1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: M_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMW-4096MB</VALUE></PROPERTY><PROPERTY NAME="PositionInRow" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="PoweredOn" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Removable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Replaceable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="SerialNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>00000001</VALUE></PROPERTY><PROPERTY NAME="SKU" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="SMBIOSMemoryType" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>3</VALUE></PROPERTY><PROPERTY NAME="Speed" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Status" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Tag" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Physical Memory 0</VALUE></PROPERTY><PROPERTY NAME="TotalWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="TypeDetail" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint16"><VALUE>128</VALUE></PROPERTY><PROPERTY NAME="Version" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY></INSTANCE> memory,
Source: WMIC.exe, 00000010.00000003.1942660737.000001745FFA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ULTS NODE="745773"><CIM><INSTANCE CLASSNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROP
Source: WMIC.exe, 00000010.00000003.1942346965.000001745FFA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMW-4096MB</VALUE></PROPERTY><PROPERTY NAME="PositionInRow" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="PoweredOn" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Removable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Replaceable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="SerialNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>00000001</VALUE></PROPERTY><PROPERTY NAME="SKU" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="SMBIOSMemoryType" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>3</VALUE></PROPERTY><PROPERTY NAME="Speed" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Status" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Tag" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Phy
Source: WMIC.exe, 00000010.00000003.1940063663.000001745FFC1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: E CLASSNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY>//n
Source: WMIC.exe, 00000010.00000003.1940041088.000001745FF9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <CIM><INSTANCE CLASSNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMW-4096MB</VALUE></PROPERTY><PROPERTY NAME="PositionInRow" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="PoweredOn" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Removable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Replaceable" CLASSORIGIN="CIM_PhysicalComponent" PRO
Source: find.exe, 00000011.00000002.1943991233.000001F1E606A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Manufacturer=VMware Virtual RAM
Source: WMIC.exe, 00000010.00000003.1940041088.000001745FF9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UEST><COMMANDLINE> MemoryChip get /format:list </COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>745773</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\cimv2</NAMESPACE><ROLE>root\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_809</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST>RIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMW-4096MB</VALUE></PROPERTY><PROPERTY NAME="PositionInRow" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="PoweredOn" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Removable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Replaceable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGAT
Source: WMIC.exe, 00000010.00000003.1940913197.00000174606F6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM
Source: WMIC.exe, 00000010.00000002.1943522250.000001746025B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urer=VMware Virtual RAM
Source: WMIC.exe, 00000010.00000003.1942727952.000001745FF57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $VMware Virtual RAMyent
Source: WMIC.exe, 00000010.00000003.1940082226.000001745FFA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="OtherIdentifyingInfo" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="PartNumber" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMW-4096MB</VALUE></PROPERTY><PROPERTY NAME="PositionInRow" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="PoweredOn" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Removable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="Replaceable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE
Source: WMIC.exe, 00000010.00000003.1940082226.000001745FFA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $<COMMAND SEQUENCENUM="1" ISSUEDFROM="745773" STARTTIME="11-13-2024T14:29:31" EVERYCOUNT="0"><REQUEST><COMMANDLINE> MemoryChip get /format:list </COMMANDLINE><COMMANDLINECOMPONENTS><NODELIST><NODE>745773</NODE></NODELIST></COMMANDLINECOMPONENTS><CONTEXT><NAMESPACE>root\cimv2</NAMESPACE><ROLE>root\cli</ROLE><IMPLEVEL>IMPERSONATE</IMPLEVEL><AUTHLEVEL>PKTPRIVACY</AUTHLEVEL><LOCALE>ms_809</LOCALE><PRIVILEGES>ENABLE</PRIVILEGES><TRACE>OFF</TRACE><RECORD>N/A</RECORD><INTERACTIVE>OFF</INTERACTIVE><FAILFAST>OFF</FAILFAST><OUTPUT>STDOUT</OUTPUT><APPEND>STDOUT</APPEND><USER>N/A</USER><AGGREGATE>ON</AGGREGATE></CONTEXT></REQUEST><RESULTS NODE="745773"><CIM><INSTANCE CLASSNAME="Win32_PhysicalMemory"><PROPERTY NAME="Attributes" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>0</VALUE></PROPERTY><PROPERTY NAME="BankLabel" CLASSORIGIN="CIM_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="Capacity" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint64"><VALUE>4294967296</VALUE></PROPERTY><PROPERTY NAME="Caption" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="ConfiguredClockSpeed" CLASSORIGIN="Win32_PhysicalMemory" TYPE="uint32"><VALUE>4800</VALUE></PROPERTY><PROPERTY NAME="ConfiguredVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="CreationClassName" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>Win32_PhysicalMemory</VALUE></PROPERTY><PROPERTY NAME="DataWidth" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>64</VALUE></PROPERTY><PROPERTY NAME="Description" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALUE>Physical Memory</VALUE></PROPERTY><PROPERTY NAME="DeviceLocator" CLASSORIGIN="Win32_PhysicalMemory" TYPE="string"><VALUE>RAM slot #0</VALUE></PROPERTY><PROPERTY NAME="FormFactor" CLASSORIGIN="CIM_Chip" TYPE="uint16"><VALUE>8</VALUE></PROPERTY><PROPERTY NAME="HotSwappable" CLASSORIGIN="CIM_PhysicalComponent" PROPAGATED="true" TYPE="boolean"></PROPERTY><PROPERTY NAME="InstallDate" CLASSORIGIN="CIM_ManagedSystemElement" PROPAGATED="true" TYPE="datetime"></PROPERTY><PROPERTY NAME="InterleaveDataDepth" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint16"></PROPERTY><PROPERTY NAME="InterleavePosition" CLASSORIGIN="CIM_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Manufacturer" CLASSORIGIN="CIM_PhysicalElement" TYPE="string"><VALUE>VMware Virtual RAM</VALUE></PROPERTY><PROPERTY NAME="MaxVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="MemoryType" CLASSORIGIN="CIM_PhysicalMemory" TYPE="uint16"><VALUE>2</VALUE></PROPERTY><PROPERTY NAME="MinVoltage" CLASSORIGIN="Win32_PhysicalMemory" PROPAGATED="true" TYPE="uint32"></PROPERTY><PROPERTY NAME="Model" CLASSORIGIN="CIM_PhysicalElement" PROPAGATED="true" TYPE="string"></PROPERTY><PROPERTY NAME="Name" CLASSORIGIN="CIM_ManagedSystemElement" TYPE="string"><VALU

Source: C:\Windows\System32\wbem\WMIC.exe

Process information queried: ProcessInformation

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe "C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe "C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2332 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7144 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe "c:\users\user\appdata\local\temp\2ofve95kwdh6o0uphdplpdzmx4y\launcher.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe "c:\users\user\appdata\local\temp\2ofve95kwdh6o0uphdplpdzmx4y\launcher.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2332 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe "c:\users\user\appdata\local\temp\2ofve95kwdh6o0uphdplpdzmx4y\launcher.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1852 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe "c:\users\user\appdata\local\temp\2ofve95kwdh6o0uphdplpdzmx4y\launcher.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2332 --field-trial-handle=1856,i,17617554358994610510,14757690041222998083,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "c:\program files (x86)\microsoft\edge\application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.winrtappidservice --lang=en-gb --service-sandbox-type=none --mojo-platform-channel-handle=7144 --field-trial-handle=1984,i,15054299527016391483,1067763043222321647,262144 /prefetch:8	Jump to behavior

Source: Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp

Binary or memory string: ..\..\electron\shell\browser\ui\views\electron_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\66h9yvsyifq9 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\66h9yvsyifq9\Autofill VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\66h9yvsyifq9\Passwords VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\66h9yvsyifq9\Autofill VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\66h9yvsyifq9\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\66h9yvsyifq9.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CommerceHeuristics VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\First Run VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db-journal VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\hyphen-data VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MEIPreload VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationGuidePredictionModels VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OriginTrials VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\AppData\Roaming\All_Wallets.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\Downloads VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Users\user\Documents VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Program Files\Windows Defender\MpCmdRun.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe

Directory queried: C:\Users\user\Documents

Jump to behavior

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --window-position=-2400,-2400

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	231 Windows Management Instrumentation	1 DLL Side-Loading	112 Process Injection	11 Masquerading	1 OS Credential Dumping	221 Security Software Discovery	Remote Services	11 Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	131 Virtualization/Sandbox Evasion	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	1 Extra Window Memory Injection	112 Process Injection	Security Account Manager	131 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Extra Window Memory Injection	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	5 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	12 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	44 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Launcher 1.0.0.exe	8%	ReversingLabs	Win32.Trojan.Malicord

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\d3dcompiler_47.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\ffmpeg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7ff349b6-3786-434c-86c1-c005510cad61.tmp.node	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\925d5ed0-3790-4c88-a2ff-cbb13dffed31.tmp.node	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\Launcher.exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\d3dcompiler_47.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\ffmpeg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\libEGL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\resources\elevate.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\vk_swiftshader.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\7z-out\vulkan-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl1AE4.tmp\nsis7z.dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=107106	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
catbox.moe	108.181.20.35	true	false	high
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
sb.scorecardresearch.com	18.244.18.122	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	172.217.16.196	true	false	high
googlehosted.l.googleusercontent.com	172.217.18.97	true	false	high
sni1gl.wpc.nucdn.net	152.199.21.175	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://assets.msn.com/staticsb/statics/latest/brand/new-msn-logo-color-white.svg	false		high
https://assets.msn.com/service/msn/user?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=B62A702D-1013-44F9-9EE4-60FF5F5A6889&ocid=pdp-peregrine&cm=en-us&it=app&user=m-3B0A95F3551264511B6180C5543765B7&scn=APP_ANON&source=market-consolidation	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://anglebug.com/4674	libGLESv2.dll.0.dr	false		high
https://duckduckgo.com/chrome_newtab	Web Data.36.dr	false		high
https://duckduckgo.com/ac/?q=	Web Data.36.dr	false		high
https://support.google.com/chrome/answer/6098869	zh-CN.pak.0.dr, fr.pak.0.dr	false		high
https://doh.familyshield.opendns.com/dns-query	Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
http://anglebug.com/4633	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://anglebug.com/7382	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://issuetracker.google.com/284462263	chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	false		high
https://public.dns.iij.jp/	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
http://crbug.com/550292	libGLESv2.dll.0.dr	false		high
http://crbug.com/883276	libGLESv2.dll.0.dr	false		high
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000019.00000003.2002523036.00002DA405440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002359620.00002DA405398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002483364.00002DA4053BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2006037117.00002DA40555C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002562718.00002DA40532C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002666314.00002DA40540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004994403.00002DA405368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004930724.00002DA405480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004844572.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005846149.00002DA4054F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002393068.00002DA4053AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004884261.00002DA40538C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/	chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	false		high
https://crbug.com/1356053	libGLESv2.dll.0.dr	false		high
https://photos.google.com/settings?referrer=CHROME_NTP	zh-CN.pak.0.dr, fr.pak.0.dr	false		high
https://anglebug.com/7714	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://doh.cox.net/dns-query	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
https://anglebug.com/5536	libGLESv2.dll.0.dr	false		high
https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=107106	libGLESv2.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://dns11.quad9.net/dns-query	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
http://crbug.com/1165751	libGLESv2.dll.0.dr	false		high
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000019.00000003.2006037117.00002DA40555C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005846149.00002DA4054F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl	zh-CN.pak.0.dr, fr.pak.0.dr	false		high
https://crbug.com/705865	libGLESv2.dll.0.dr	false		high
http://crbug.com/110263	libGLESv2.dll.0.dr	false		high
https://www.nic.cz/odvr/CZ.NIC	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
http://anglebug.com/6248	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
http://anglebug.com/6929	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://www.google.com/chrome/privacy/eula_text.htmlG	fr.pak.0.dr	false		high
http://anglebug.com/5281	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://public.dns.iij.jp/IIJ	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
https://issuetracker.google.com/255411748	chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nextdns.io/privacy	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
https://anglebug.com/7246	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://anglebug.com/7369	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://anglebug.com/7489	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://crbug.com/593024	libGLESv2.dll.0.dr	false		high
https://chrome.google.com/webstore	chrome.exe, 00000019.00000003.2001274541.00002DA405098000.00000004.00000800.00020000.00000000.sdmp	false		high
https://crbug.com/1137851	libGLESv2.dll.0.dr	false		high
https://drive-daily-2.corp.google.com/	chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000019.00000003.2002523036.00002DA405440000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002359620.00002DA405398000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002483364.00002DA4053BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2006037117.00002DA40555C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002562718.00002DA40532C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002666314.00002DA40540C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004994403.00002DA405368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004930724.00002DA405480000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004844572.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005846149.00002DA4054F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2002393068.00002DA4053AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2005313374.00002DA404794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2004884261.00002DA40538C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developers.google.com/speed/public-dns/privacyGoogle	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Web Data.36.dr	false		high
https://dns64.dns.google/dns-query	Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
https://doh.opendns.com/dns-query	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
https://issuetracker.google.com/161903006	chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
http://anglebug.com/2152skipVSConstantRegisterZeroIn	libGLESv2.dll.0.dr	false		high
https://crbug.com/1300575	libGLESv2.dll.0.dr	false		high
https://drive-daily-1.corp.google.com/	chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	false		high
https://crbug.com/710443	libGLESv2.dll.0.dr	false		high
https://drive-daily-5.corp.google.com/	chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	false		high
https://crbug.com/1042393	libGLESv2.dll.0.dr	false		high
https://crbug.com/1060012	libGLESv2.dll.0.dr	false		high
http://anglebug.com/3078	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
http://anglebug.com/7553	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl	zh-CN.pak.0.dr, fr.pak.0.dr	false		high
http://anglebug.com/5375	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
http://anglebug.com/3246allowClearForRobustResourceInitSome	libGLESv2.dll.0.dr	false		high
http://anglebug.com/5371	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
http://anglebug.com/3997	libGLESv2.dll.0.dr	false		high
http://anglebug.com/4722	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
http://crbug.com/642605	libGLESv2.dll.0.dr	false		high
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000019.00000003.1977888775.00002DA4045C8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome-devtools-frontend.appspot.com/%s%s/%s/NetworkResourceLoaderstreamWriteInspectableWebC	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
https://public.dns.iij.jp/dns-query	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
http://anglebug.com/1452	libGLESv2.dll.0.dr	false		high
http://anglebug.com/7556	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://chrome.google.com/webstore?hl=frRaccourci	fr.pak.0.dr	false		high
https://support.google.com/chrome/a/answer/9122284	zh-CN.pak.0.dr, fr.pak.0.dr	false		high
https://drive-preprod.corp.google.com/	chrome.exe, 00000019.00000003.1979437931.00002DA404878000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore?hl=zh-CN	zh-CN.pak.0.dr	false		high
https://alekberg.net/privacy	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
https://crbug.com/650547callClearTwiceUsing	libGLESv2.dll.0.dr	false		high
http://anglebug.com/6692	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://issuetracker.google.com/258207403	chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3502	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
http://anglebug.com/3623	chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
http://anglebug.com/3625	chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
http://anglebug.com/3624	chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://chromium.dns.nextdns.io	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
http://anglebug.com/5007	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
http://crbug.com/1181068	libGLESv2.dll.0.dr	false		high
http://anglebug.com/2894	libGLESv2.dll.0.dr	false		high
http://anglebug.com/3862	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000019.00000003.2013784972.00002DA4050B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1999217828.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1998354932.00002DA405098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2006584616.00002DA404738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2001380515.00002DA4050B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1999261153.00002DA405090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1998258262.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2006663516.00002DA405080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.2001274541.00002DA405098000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dns.google/dns-query	Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
http://anglebug.com/4836	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://issuetracker.google.com/issues/166475273	chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://passwords.google.comCompte	fr.pak.0.dr	false		high
http://int3.de/	elevate.exe.0.dr	false		high
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
http://anglebug.com/4384	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
https://chrome-devtools-frontend.appspot.com/	Launcher.exe, 00000002.00000000.1901830482.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp, Launcher.exe, 0000000C.00000000.1962379184.00007FF65E9AA000.00000002.00000001.01000000.00000008.sdmp	false		high
https://anglebug.com/7246enableCaptureLimitsSet	libGLESv2.dll.0.dr	false		high
http://anglebug.com/3970	chrome.exe, 00000019.00000003.1991431900.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997735364.00002DA40477C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1997776499.00002DA404B48000.00000004.00000800.00020000.00000000.sdmp, libGLESv2.dll.0.dr	false		high
http://anglebug.com/4267	libGLESv2.dll.0.dr	false		high
https://chromeenterprise.google/policies/#BrowserSwitcherUrlList	zh-CN.pak.0.dr, fr.pak.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
108.181.20.35	catbox.moe	Canada	852	ASN852CA	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
172.217.18.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
20.151.152.98	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
4.249.200.148	unknown	United States	3356	LEVEL3US	false
13.107.246.57	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.244.18.122	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
23.47.51.164	unknown	United States	16625	AKAMAI-ASUS	false
142.250.115.95	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.101.168.44	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1555397
Start date and time:	2024-11-13 20:28:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	222
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Launcher 1.0.0.exe
Detection:	MAL
Classification:	mal80.troj.spyw.evad.winEXE@542/383@25/16
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240, 192.229.221.95, 142.250.185.99, 142.250.184.206, 66.102.1.84, 13.107.42.16, 204.79.197.203, 13.107.21.239, 204.79.197.239, 142.250.186.46, 13.107.6.158, 172.205.80.42, 2.19.126.152, 2.19.126.145, 88.221.110.195, 88.221.110.179, 2.23.209.166, 2.23.209.173, 2.23.209.160, 2.23.209.169, 2.23.209.171, 2.23.209.162, 2.23.209.174, 2.23.209.161, 2.23.209.167, 23.38.98.87, 23.38.98.82, 23.38.98.74, 23.38.98.83, 23.38.98.78, 23.38.98.85, 23.38.98.77, 23.38.98.75, 23.38.98.84, 2.23.209.185, 2.23.209.133, 2.23.209.192, 2.23.209.183, 2.23.209.181, 2.23.209.193, 2.23.209.178, 2.23.209.182, 13.74.129.1, 204.79.197.237, 13.107.21.237, 2.19.126.151, 2.19.126.157, 108.141.37.120, 142.250.115.94, 142.250.114.94, 142.250.113.94, 142.251.186.94
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, prod-agic-ne-8.northeurope.cloudapp.azure.com, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, prod-agic-we-5.westeurope.cloudapp.azure.com, a1834.dscg2.akamai.net, wildcardtlu-ssl.azureedge.net, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, config.edge.skype.com.trafficmanager.net, c-m
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Launcher 1.0.0.exe

Simulations

Behavior and APIs

Time	Type	Description
14:29:27	API Interceptor	1x Sleep call for process: MpCmdRun.exe modified
14:29:28	API Interceptor	18x Sleep call for process: WMIC.exe modified
14:29:36	API Interceptor	19x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.159.61.3	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	aba5298f.msi	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse
	new.bat	Get hash	malicious	Unknown	Browse
	pdfguruhub.msi	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	specifications and technical requirements.pdf	Get hash	malicious	HTMLPhisher	Browse
108.181.20.35	Document.pdf.lnk	Get hash	malicious	Unknown	Browse	files.catbox.moe/p1yr9i.pdf
108.181.20.35	SecuriteInfo.com.HEUR.Trojan.OLE2.Agent.gen.26943.12401.msi	Get hash	malicious	LummaC Stealer	Browse	files.catbox.moe/nzct1p
13.107.246.45	https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4	Get hash	malicious	HTMLPhisher	Browse	nam.dcv.ms/BxPVLH2cz4

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	aba5298f.msi	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	x.bat	Get hash	malicious	Unknown	Browse	162.159.61.3
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
s-part-0017.t-0009.t-msedge.net	https://pthn.airrcofvbc.com/YReXjN/#<EMAIL&gt	Get hash	malicious	Unknown	Browse	13.107.246.45
	Play_VM-Now(Jwright)CQDM.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly9wVGhOLmFpcnJjb2Z2YmMuY29tL1lSZVhqTi8=/#<EMAIL>	Get hash	malicious	Unknown	Browse	13.107.246.45
	Demande de proposition du Groupe Esp#U00e9rance et Cancer[45838].pdf	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://ad.broadstreetads.com/click/1073526	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://wumgud2ljf.benenulacs.shop/?email=YW1hcmlvbkBndWdnZW5oZWltLm9yZw==	Get hash	malicious	EvilProxy	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	View_alert_details_U(#3D3KV).html	Get hash	malicious	Unknown	Browse	13.107.246.45
	nj230708full.pdf.scr.exe	Get hash	malicious	AsyncRAT, AveMaria, StormKitty, VenomRAT	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
sb.scorecardresearch.com	https://pthn.airrcofvbc.com/YReXjN/#<EMAIL&gt	Get hash	malicious	Unknown	Browse	18.244.18.32
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.244.18.122
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.245.60.72
	https://www.canva.com/design/DAGOCNo1NUI/fm7sxEzJIeZ3v2miLpNZCw/view?utm_content=DAGOCNo1NUI&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	18.245.60.72
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.65.39.56
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	18.244.18.122
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	18.244.18.27
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.245.60.72
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.245.60.72
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.244.18.122
catbox.moe	https://files.catbox.moe/iz3lne.zip	Get hash	malicious	Unknown	Browse	108.181.20.35
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	108.181.20.35
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	108.181.20.35
	file.exe	Get hash	malicious	FormBook	Browse	108.181.20.35
	file.exe	Get hash	malicious	FormBook	Browse	108.181.20.35
	Exploit Detector LIST (2).bat	Get hash	malicious	Unknown	Browse	108.181.20.35
	1.cmd	Get hash	malicious	Unknown	Browse	108.181.20.35
	Exploit Detector.bat	Get hash	malicious	Unknown	Browse	108.181.20.35
	Exploit Detector LIST (2).bat	Get hash	malicious	Unknown	Browse	108.181.20.35
	SCV.cmd	Get hash	malicious	Unknown	Browse	108.181.20.35

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://pthn.airrcofvbc.com/YReXjN/#<EMAIL&gt	Get hash	malicious	Unknown	Browse	13.107.246.44
	Play_VM-Now(Jwright)CQDM.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly9wVGhOLmFpcnJjb2Z2YmMuY29tL1lSZVhqTi8=/#<EMAIL>	Get hash	malicious	Unknown	Browse	52.123.129.14
	https://wumgud2ljf.benenulacs.shop/?email=YW1hcmlvbkBndWdnZW5oZWltLm9yZw==	Get hash	malicious	EvilProxy	Browse	13.107.246.60
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	20.189.173.25
	https://l.e.expansion.com/rts/go2.aspx?h=1472587&tp=i-1NGB-A5-b00-1YXgaC-6v-X6KL-1c-1D5I0b-lAXcqWepVc-1yosex&pi=X3ChywZXQmNE8VeceGHlfotAef21gDzbhSQg1vZMQMU&x=%64%79%6E%61%6D%69%63%69%74%64%65%76%69%63%65%73%2E%63%6F%6D%2F%6A%6F%69%6B%64%6A%6D%65%75%65%2FFUDMSvpcJrwI1XV/YW5kcmV3Lm1hbnRlY29uQGZpcnN0b250YXJpby5jb20=	Get hash	malicious	HTMLPhisher	Browse	52.123.129.14
	Pmendon.ext_Reord_Adjustment.docx	Get hash	malicious	Captcha Phish	Browse	150.171.27.10
	https://carrier.businessappdevs.com/Baa9N	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.44
ASN852CA	https://files.catbox.moe/iz3lne.zip	Get hash	malicious	Unknown	Browse	108.181.20.35
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	108.181.20.35
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	108.181.20.35
	meerkat.spc.elf	Get hash	malicious	Mirai	Browse	207.102.160.232
	meerkat.sh4.elf	Get hash	malicious	Mirai	Browse	142.61.68.229
	mtv21xElsr.exe	Get hash	malicious	GhostRat, Nitol	Browse	108.181.157.69
	svhost.exe	Get hash	malicious	GhostRat, Nitol	Browse	108.181.157.69
	amen.arm.elf	Get hash	malicious	Unknown	Browse	216.226.40.246
	amen.ppc.elf	Get hash	malicious	Mirai	Browse	198.168.109.104
	sora.mpsl.elf	Get hash	malicious	Mirai	Browse	96.1.104.28
CLOUDFLARENETUS	https://trckacbm.com/url/ver/714099389/2931216/e7443d1a99daced93ca033af62f22f12	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://autoplay-voice-inout-transcribe.github.io/teams.voicemail.assistant/	Get hash	malicious	Unknown	Browse	188.114.96.3
	Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://lbjanitorialmaintenance.com/lllaw/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe	Get hash	malicious	Unknown	Browse	104.18.86.42
	https://lbjanitorialmaintenance.com/lllaw/	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://pthn.airrcofvbc.com/YReXjN/#<EMAIL&gt	Get hash	malicious	Unknown	Browse	188.114.96.3
	Play_VM-Now(Jwright)CQDM.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe	Get hash	malicious	Unknown	Browse	1.1.1.1
	Play_VM-Now(Difioreconstruction)CLQD.html	Get hash	malicious	Unknown	Browse	188.114.96.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://pthn.airrcofvbc.com/YReXjN/#<EMAIL&gt	Get hash	malicious	Unknown	Browse	4.175.87.197 40.126.32.133 184.28.90.27 13.107.246.45
	Play_VM-Now(Jwright)CQDM.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 40.126.32.133 184.28.90.27 13.107.246.45
	Play_VM-Now(Bfassl)CLQD.html	Get hash	malicious	Unknown	Browse	4.175.87.197 40.126.32.133 184.28.90.27 13.107.246.45
	Play_VM-Now(Difioreconstruction)CLQD.html	Get hash	malicious	Unknown	Browse	4.175.87.197 40.126.32.133 184.28.90.27 13.107.246.45
	https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly9wVGhOLmFpcnJjb2Z2YmMuY29tL1lSZVhqTi8=/#<EMAIL>	Get hash	malicious	Unknown	Browse	4.175.87.197 40.126.32.133 184.28.90.27 13.107.246.45
	Voicemail_+Transcription003593.docx	Get hash	malicious	Tycoon2FA	Browse	4.175.87.197 40.126.32.133 184.28.90.27 13.107.246.45
	Demande de proposition du Groupe Esp#U00e9rance et Cancer[45838].pdf	Get hash	malicious	Unknown	Browse	4.175.87.197 40.126.32.133 184.28.90.27 13.107.246.45
	https://ad.broadstreetads.com/click/1073526	Get hash	malicious	Unknown	Browse	4.175.87.197 40.126.32.133 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	4.175.87.197 40.126.32.133 184.28.90.27 13.107.246.45
	View_alert_details_U(#3D3KV).html	Get hash	malicious	Unknown	Browse	4.175.87.197 40.126.32.133 184.28.90.27 13.107.246.45

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\d3dcompiler_47.dll	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse
	Xeno Executor Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse
	malware-DONT-RUN.ps1	Get hash	malicious	Unknown	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	8106
Entropy (8bit):	5.816848066784995
Encrypted:	false
SSDEEP:	192:asNAc/ZeiRUtYQak/Vz6qRAq1k8SPxVLZ7VTiq:asNA0klZ/96q3QxVNZTiq
MD5:	6B33004F7952CA61EF21B24D46857D79
SHA1:	F11945539EBD55FDFB11ED4C1C69573AEBC2F1E3
SHA-256:	14A5294DDFECFC36FDC7663E3BAFBDA2360C872D4BD0E84644A50CE27DF2A23A
SHA-512:	62A1B5602506FA9D6B7B4012EA2C11BC21A847B70898963D5FDFA49A1FF37750D87755FA3E407DE6C430BC723FAEADD10B922EEA9A987196151280EA94CE4E55
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

Process:	C:\Users\user\Desktop\Launcher 1.0.0.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	162117120
Entropy (8bit):	6.733463527380924
Encrypted:	false
SSDEEP:	1572864:ATmw0ciLNpDPuAvHxJLkY2O6Ea3f9kwZXeT6EivLp1vUAtdjtZn+f4FnIvGaC9dU:zv6E70+Mk
MD5:	76C8F7F191F2F33CC9FE1C2D3FABD39B
SHA1:	A155DE45981E17EB44E24F958E5E45A5891C3007
SHA-256:	F2FA065107D4246C08277A46A9503E2E7A24EE54C6FAF665742B542833490D8D
SHA-512:	2EBCDE708D22EBBFEBC5767F536C16F0B1F6E7C9EDE588550CFFC3DCDBC60D1E42AD1D7D835EA90A1FD50B2525CD58A94B3E5D2E44033CEA373AE67506F555B3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....&e..........".................P..........@..........................................`...........................................I.. ....M.h............p...f@..........`........?.......................?.(... !..@.............M.......I......................text............................... ..`.rdata..h.n.......n.................@..@.data....TB...Q.......P.............@....pdata...f@..p...h@...X.............@..@.00cfg..0............ ..............@..@.gxfg...pA.......B..."..............@..@.retplne.....@.......d...................rodata......P.......f.............. ..`.tls.........p.......x..............@...CPADinfo8............\|..............@...LZMADEC..............~.............. ..`_RDATA..\...........................@..@malloc_h+........................... ..`.rsrc...............................@..@.reloc.......`......................@..B................

Process:	C:\Program Files\Windows Defender\MpCmdRun.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	modified
Size (bytes):	4926
Entropy (8bit):	3.2445766618854015
Encrypted:	false
SSDEEP:	48:FaqdF79/0+AAHdKoqKFxcxkF3/waqdF7P+AAHdKoqKFxcxkFv:cEi+AAsoJjykzEP+AAsoJjykF
MD5:	DADC34ABD56B01A8D0FAFC5DF465E9B7
SHA1:	F9B3D46B33895D591C9FD5BD7F7E1EB1EEEADB71
SHA-256:	30E6055ED3916853B7399A29E043F53B9ADA2C498BA78DE952E422FF68BB1906
SHA-512:	CE8C2684DB69FB706512A3FE582C605AD81C213E525280E63B1E615C5C5FD33B9171A814CBFCD2E8B96B3EEAA5F0D91617FD504F48585F78B1CF36DCC35070A9
Malicious:	false
Preview:	..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. W.e.d. .. O.c.t. .. 0.4. .. 2.0.2.3. .1.2.:.0.3.:.4.2.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e........................................ .W.S.C. .S.t.a.t.e. .I.n.f.o. ................................................................. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. ..............................d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (780)
Category:	downloaded
Size (bytes):	785
Entropy (8bit):	5.128129538057672
Encrypted:	false
SSDEEP:	24:aNFNCrz30BBHslgT9lCuABuFA7F7HHHHHHHYqmffffffo:YFNC3WKlgZ01BuFYFEqmffffffo
MD5:	19578F503FAAF40FCC20E713BB75F9D4
SHA1:	35E04FFA73EAB893E11CCD5EA5E4810F293C3478
SHA-256:	5D43EFC798A49E558C787FF7EE654335A0E566F764787B62ED129084B3271731
SHA-512:	9C4A9123D2A5E9EE50CC3DD5D3D7758AC917376AA8F9FA15EB7A48D4D9251620904E1EA670EF62F0E725A2A55E7E441982EE8CE12C0E9E3BF669927EC2F215F8
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["mlb juan soto contract","black panther 3 denzel washington","starbucks red cup","agent bootcamp monopoly go rewards","bluesky social media","nasa asteroid approaching earth","rockaway beach oregon tornado","costco butter recalled"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1251,1250,601,600,553,552,551,550],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.9999893074822195
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Launcher 1.0.0.exe
File size:	77'310'944 bytes
MD5:	50d9fe99f65bb8af4ca058d23ea8de0c
SHA1:	041d1b6307b0323cfaac612e7dd912a67abe9fad
SHA256:	0afab4b26c198530fcaba9dfa5ee813ea3afc3427cb7cef62e3fb624538bf894
SHA512:	e9e7f0db661593425b5638fb832e0e7c0e81db66638fd7c48364faa54eaf40dbdf5239924a586f71158d65b82ff57bf6669a3a643930362f9165280eaa2e8ae2
SSDEEP:	1572864:0cMjLpMen/obRHPTqo2fgXo/EGgrFEuiM6uAva1WEC9+I/7:1MjLubtL7Xo/5Y2jMJeui9J7
TLSH:	C708331CB8C1132AC013D7B871656D3F7AFD82F129EABD739530A1562C5FD66F20AA21
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.

Entrypoint:	0x40338f
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b34f154ec913d2d2c435cbd644e91687

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8610	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x10b000	0xcc0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2b0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6627	0x6800	7618d4c0cd8bb67ea9595b4266b3a91f	False	0.6646259014423077	data	6.450282348506287	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x14a2	0x1600	eecac1fed9cc6b447d50940d178404d8	False	0.4405184659090909	data	5.025178929113415	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x70ff8	0x600	db8f31a08a2242d80c29e1f9500c6527	False	0.5182291666666666	data	4.037117731448378	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x7b000	0x90000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x10b000	0xcc0	0xe00	9ca8299e2881d41d2c995c0226136f98	False	0.41517857142857145	data	4.193104408946286	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x10b1d8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.42473118279569894
RT_DIALOG	0x10b4c0	0x100	data	English	United States	0.5234375
RT_DIALOG	0x10b5c0	0xf8	data	English	United States	0.6330645161290323
RT_DIALOG	0x10b6b8	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x10b718	0x14	data	English	United States	1.2
RT_VERSION	0x10b730	0x24c	data	English	United States	0.4880952380952381
RT_MANIFEST	0x10b980	0x33e	XML 1.0 document, ASCII text, with very long lines (830), with no line terminators	English	United States	0.5542168674698795

DLL	Import
KERNEL32.dll	SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll	GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll	AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 13, 2024 20:29:33.608614922 CET	192.168.2.4	1.1.1.1	0x5b52	Standard query (0)	catbox.moe	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:38.555730104 CET	192.168.2.4	1.1.1.1	0xb1a1	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:38.555984020 CET	192.168.2.4	1.1.1.1	0xb458	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 13, 2024 20:29:42.220582008 CET	192.168.2.4	1.1.1.1	0x3f10	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:42.220838070 CET	192.168.2.4	1.1.1.1	0xc8b5	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 13, 2024 20:29:44.142467976 CET	192.168.2.4	1.1.1.1	0x7bd3	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:44.142781973 CET	192.168.2.4	1.1.1.1	0xf82e	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 13, 2024 20:29:44.334820032 CET	192.168.2.4	1.1.1.1	0x81a2	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:44.335010052 CET	192.168.2.4	1.1.1.1	0x86a9	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Nov 13, 2024 20:29:45.697722912 CET	192.168.2.4	1.1.1.1	0x89b0	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:45.697928905 CET	192.168.2.4	1.1.1.1	0x6e02	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:29:46.129947901 CET	192.168.2.4	1.1.1.1	0x8ec1	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.130058050 CET	192.168.2.4	1.1.1.1	0xf06	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Nov 13, 2024 20:29:46.134658098 CET	192.168.2.4	1.1.1.1	0x949b	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.134808064 CET	192.168.2.4	1.1.1.1	0x7fa9	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 13, 2024 20:29:46.142883062 CET	192.168.2.4	1.1.1.1	0x8bf0	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.143048048 CET	192.168.2.4	1.1.1.1	0x9a26	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Nov 13, 2024 20:29:46.157454014 CET	192.168.2.4	1.1.1.1	0x7bb1	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.157855034 CET	192.168.2.4	1.1.1.1	0x1bb4	Standard query (0)	api.msn.com	65	IN (0x0001)	false
Nov 13, 2024 20:29:46.425403118 CET	192.168.2.4	1.1.1.1	0x4ba0	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.425546885 CET	192.168.2.4	1.1.1.1	0xa709	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:29:46.425925970 CET	192.168.2.4	1.1.1.1	0x7649	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.426096916 CET	192.168.2.4	1.1.1.1	0x8708	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 13, 2024 20:29:46.552233934 CET	192.168.2.4	1.1.1.1	0x196	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.552355051 CET	192.168.2.4	1.1.1.1	0x8eda	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 13, 2024 20:29:33.622001886 CET	1.1.1.1	192.168.2.4	0x5b52	No error (0)	catbox.moe		108.181.20.35	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:38.562865973 CET	1.1.1.1	192.168.2.4	0xb1a1	No error (0)	www.google.com		172.217.16.196	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:38.563421965 CET	1.1.1.1	192.168.2.4	0xb458	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 13, 2024 20:29:42.227391005 CET	1.1.1.1	192.168.2.4	0x3f10	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:42.236180067 CET	1.1.1.1	192.168.2.4	0xc8b5	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:44.151582956 CET	1.1.1.1	192.168.2.4	0xf82e	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:44.153848886 CET	1.1.1.1	192.168.2.4	0x7bd3	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:44.342252970 CET	1.1.1.1	192.168.2.4	0x81a2	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:44.342252970 CET	1.1.1.1	192.168.2.4	0x81a2	No error (0)	googlehosted.l.googleusercontent.com		172.217.18.97	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:44.342288971 CET	1.1.1.1	192.168.2.4	0x86a9	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:45.705558062 CET	1.1.1.1	192.168.2.4	0x89b0	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:45.705558062 CET	1.1.1.1	192.168.2.4	0x89b0	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:45.706752062 CET	1.1.1.1	192.168.2.4	0x6e02	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:29:46.141632080 CET	1.1.1.1	192.168.2.4	0x8ec1	No error (0)	sb.scorecardresearch.com		18.244.18.122	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.141632080 CET	1.1.1.1	192.168.2.4	0x8ec1	No error (0)	sb.scorecardresearch.com		18.244.18.27	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.141632080 CET	1.1.1.1	192.168.2.4	0x8ec1	No error (0)	sb.scorecardresearch.com		18.244.18.32	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.141632080 CET	1.1.1.1	192.168.2.4	0x8ec1	No error (0)	sb.scorecardresearch.com		18.244.18.38	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.146229029 CET	1.1.1.1	192.168.2.4	0x949b	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:46.147058010 CET	1.1.1.1	192.168.2.4	0x7fa9	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:46.153965950 CET	1.1.1.1	192.168.2.4	0x8bf0	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:46.153995991 CET	1.1.1.1	192.168.2.4	0x9a26	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:46.171638012 CET	1.1.1.1	192.168.2.4	0x1bb4	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:46.172660112 CET	1.1.1.1	192.168.2.4	0x7bb1	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:46.432740927 CET	1.1.1.1	192.168.2.4	0xa709	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:29:46.433099031 CET	1.1.1.1	192.168.2.4	0x4ba0	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.433099031 CET	1.1.1.1	192.168.2.4	0x4ba0	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.433975935 CET	1.1.1.1	192.168.2.4	0x7649	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.433975935 CET	1.1.1.1	192.168.2.4	0x7649	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.434006929 CET	1.1.1.1	192.168.2.4	0x8708	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:29:46.559020042 CET	1.1.1.1	192.168.2.4	0x196	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.559020042 CET	1.1.1.1	192.168.2.4	0x196	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:46.559338093 CET	1.1.1.1	192.168.2.4	0x8eda	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 13, 2024 20:29:47.092894077 CET	1.1.1.1	192.168.2.4	0x33a0	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:47.092894077 CET	1.1.1.1	192.168.2.4	0x33a0	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:47.551856995 CET	1.1.1.1	192.168.2.4	0x2780	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:47.551856995 CET	1.1.1.1	192.168.2.4	0x2780	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:47.552517891 CET	1.1.1.1	192.168.2.4	0x472e	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:49.579729080 CET	1.1.1.1	192.168.2.4	0x6c61	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:49.579729080 CET	1.1.1.1	192.168.2.4	0x6c61	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:50.602266073 CET	1.1.1.1	192.168.2.4	0x6c61	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:50.602266073 CET	1.1.1.1	192.168.2.4	0x6c61	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:51.616815090 CET	1.1.1.1	192.168.2.4	0x6c61	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:51.616815090 CET	1.1.1.1	192.168.2.4	0x6c61	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:53.621655941 CET	1.1.1.1	192.168.2.4	0x6c61	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:53.621655941 CET	1.1.1.1	192.168.2.4	0x6c61	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Nov 13, 2024 20:29:57.632081032 CET	1.1.1.1	192.168.2.4	0x6c61	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 20:29:57.632081032 CET	1.1.1.1	192.168.2.4	0x6c61	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:23 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HCVAPlGT5fLrlfy&MD=y2WMRcoX HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-13 19:29:24 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: a1b0730d-5d40-4bf3-94f6-96b2b3fea1a9 MS-RequestId: d6f6dcb6-844f-4b0b-9d2a-a4fbdaef99f4 MS-CV: j9IKabOLdUqzjkn6.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 13 Nov 2024 19:29:23 GMT Connection: close Content-Length: 24490
2024-11-13 19:29:24 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-13 19:29:24 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:35 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-13 19:29:35 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=76577 Date: Wed, 13 Nov 2024 19:29:35 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:36 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-13 19:29:36 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=76626 Date: Wed, 13 Nov 2024 19:29:36 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-13 19:29:36 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:39 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-13 19:29:40 UTC	1266	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:29:39 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-K1uWr8O4SziwXZ3LeNmZKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-13 19:29:40 UTC	112	IN	Data Raw: 33 31 31 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6d 6c 62 20 6a 75 61 6e 20 73 6f 74 6f 20 63 6f 6e 74 72 61 63 74 22 2c 22 62 6c 61 63 6b 20 70 61 6e 74 68 65 72 20 33 20 64 65 6e 7a 65 6c 20 77 61 73 68 69 6e 67 74 6f 6e 22 2c 22 73 74 61 72 62 75 63 6b 73 20 72 65 64 20 63 75 70 22 2c 22 61 67 65 6e 74 20 62 6f 6f 74 63 61 6d 70 20 Data Ascii: 311)]}'["",["mlb juan soto contract","black panther 3 denzel washington","starbucks red cup","agent bootcamp
2024-11-13 19:29:40 UTC	680	IN	Data Raw: 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 20 72 65 77 61 72 64 73 22 2c 22 62 6c 75 65 73 6b 79 20 73 6f 63 69 61 6c 20 6d 65 64 69 61 22 2c 22 6e 61 73 61 20 61 73 74 65 72 6f 69 64 20 61 70 70 72 6f 61 63 68 69 6e 67 20 65 61 72 74 68 22 2c 22 72 6f 63 6b 61 77 61 79 20 62 65 61 63 68 20 6f 72 65 67 6f 6e 20 74 6f 72 6e 61 64 6f 22 2c 22 63 6f 73 74 63 6f 20 62 75 74 74 65 72 20 72 65 63 61 6c 6c 65 64 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d Data Ascii: monopoly go rewards","bluesky social media","nasa asteroid approaching earth","rockaway beach oregon tornado","costco butter recalled"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbm
2024-11-13 19:29:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:39 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-13 19:29:40 UTC	1042	IN	HTTP/1.1 200 OK Version: 694010790 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Wed, 13 Nov 2024 19:29:39 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-13 19:29:40 UTC	25	IN	Data Raw: 31 33 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 7d 7d 0d 0a Data Ascii: 13)]}'{"ddljson":{}}
2024-11-13 19:29:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:39 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-13 19:29:40 UTC	1042	IN	HTTP/1.1 200 OK Version: 694010790 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Wed, 13 Nov 2024 19:29:39 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-13 19:29:40 UTC	336	IN	Data Raw: 32 37 62 38 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 27b8)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-13 19:29:40 UTC	1378	IN	Data Raw: 20 67 62 5f 6f 64 20 67 62 5f 46 64 20 67 62 5f 6c 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 Data Ascii: gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u00
2024-11-13 19:29:40 UTC	1378	IN	Data Raw: 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c Data Ascii: 03c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\
2024-11-13 19:29:40 UTC	1378	IN	Data Raw: 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 Data Ascii: role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l22
2024-11-13 19:29:40 UTC	1378	IN	Data Raw: 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 Data Ascii: 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1
2024-11-13 19:29:40 UTC	1378	IN	Data Raw: 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 36 37 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 Data Ascii: ft_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700267,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else
2024-11-13 19:29:40 UTC	1378	IN	Data Raw: 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 4c 64 3b 5f 2e 4a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 62 5c 75 30 30 33 65 30 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 4c 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4b 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 Data Ascii: : Apache-2.0\n*/\nvar Ld;_.Jd\u003dfunction(a){const b\u003da.length;if(b\u003e0){const c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Ld\u003dfunction(a){return new _.Kd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u
2024-11-13 19:29:40 UTC	1378	IN	Data Raw: 33 64 5f 2e 58 64 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 59 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 59 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 65 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 Data Ascii: 3d_.Xd();return new _.Yd(b?b.createScriptURL(a):a)};_.$d\u003dfunction(a){if(a instanceof _.Yd)return a.i;throw Error(\"F\");};_.be\u003dfunction(a){if(ae.test(a))return a};_.ce\u003dfunction(a){if(a instanceof _.Nd)if(a instanceof _.Nd)a\u003da.i;else th
2024-11-13 19:29:40 UTC	194	IN	Data Raw: 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 3f 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3a 28 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2c 61 3f 61 5c 75 30 30 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 0d 0a Data Ascii: {var c\u003db\|\|document;c.getElementsByClassName?a\u003dc.getElementsByClassName(a)[0]:(c\u003ddocument,a?a\u003d(b\|\|c).querySelector(a?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(
2024-11-13 19:29:40 UTC	367	IN	Data Raw: 31 36 38 0d 0a 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 70 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 41 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6f 65 2e Data Ascii: 168a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|null};\n_.pe\u003dfunction(a,b){_.Ab(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:oe.

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:44 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-13 19:29:44 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-13 19:29:44 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 13 Nov 2024 19:28:44 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C533_BAY x-ms-request-id: c65ecbab-d214-4ea3-a1d7-3e45c60c277a PPServer: PPV: 30 H: PH1PEPF0001B692 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 13 Nov 2024 19:29:44 GMT Connection: close Content-Length: 1276
2024-11-13 19:29:44 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Launcher 1.0.0.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3cd51979-6531-4920-887a-f16407230398.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5e972739-f3e9-4b6f-9eda-e827cb01dfeb.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\168ba7de-5f25-406d-880e-9f7fa1e93919.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6734FE23-6B0.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6734FE23-D64.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\187bd372-1fe9-4cf8-8d8e-a485d67bba5f.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\487c6f33-87e9-442a-8dff-50d66dbe8a59.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\56819216-a684-4bf9-9a74-5c1c6f86af78.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\79705f03-1df2-4108-9fdb-a0192b8f7041.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000001.dbtmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\CURRENT (copy)

Windows Analysis Report
Launcher 1.0.0.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:45 UTC	594	OUT	GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:29:45 UTC	573	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135771 X-GUploader-UploadID: AHmUCY0dlu2xL3gzZNmGhnRh6XycoJ_A9YvTK7QEx2FDsDIJWnfdzepMNdElyPyifS32FtvWSwVhqAcYmQ X-Goog-Hash: crc32c=5YFIVw== Server: UploadServer Date: Tue, 12 Nov 2024 20:33:29 GMT Expires: Wed, 12 Nov 2025 20:33:29 GMT Cache-Control: public, max-age=31536000 Age: 82576 Last-Modified: Tue, 22 Oct 2024 20:33:19 GMT ETag: a1239f8c_b608f476_b1045d58_830b10c8_3ed9cb2d Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-13 19:29:45 UTC	805	IN	Data Raw: 43 72 32 34 03 00 00 00 e2 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-13 19:29:45 UTC	1378	IN	Data Raw: aa 54 89 36 c1 f8 f2 5a f7 ba 97 f1 3f fe f5 43 56 d7 f2 f3 3c 8c e7 4b ff e3 ef 3f c6 cf aa aa f3 6b fd 97 a1 fa fc cb e9 ac aa 1f 7f fd 71 3d bf f7 95 fc 59 5e fa b1 ea c7 1f 7f ff d7 8f 21 7f a8 4b 2e f5 e7 ab 47 d8 14 a6 6d 08 6e 1b a9 59 d7 a5 59 ab f2 b1 7f e2 d6 f5 9c 75 d3 57 66 8e a7 d2 54 4f 22 d9 3f a1 dd 8b 8d ce f7 b3 f0 55 2f 52 64 ec 9b cb 59 7f be 8e 1a 6a ee bf ff de a9 ab 48 a3 f3 51 8d bf ec 7b b7 96 fe fb f9 78 de 4f 51 f3 7e 2b 7d bb ff fe 4c d9 39 5f 12 3a 97 2c 45 97 ef ef 0b 13 71 f1 30 26 ce df 1f 49 3b 62 c4 e0 48 bb b1 11 3e ea f2 8e 02 39 b3 7d 09 42 84 80 d8 92 2e 7c e4 41 b8 a9 7c 61 8b 47 e8 1c 82 eb b9 f4 a1 91 6f f7 4f 7b e5 5c 0b 13 d5 85 cf e6 83 09 bb 83 09 54 69 a1 5a 98 fa ba 1b e6 c2 dc 9c 0f db f0 51 98 ce ef f3 fc Data Ascii: T6Z?CV<K?kq=Y^!K.GmnYYuWfTO"?U/RdYjHQ{xOQ~+}L9_:,Eq0&I;bH>9}B.\|A\|aGoO{\TiZQ
2024-11-13 19:29:45 UTC	1378	IN	Data Raw: 88 1b 77 cc 06 18 f9 d1 78 a4 43 22 82 21 af 78 ed e5 3b 17 31 63 f2 12 16 6f 58 13 8a ac 6b 1f 08 96 b6 8e 59 b4 c8 5e 7b ff 95 e3 e3 6c 66 93 48 75 bd 57 d8 44 86 61 51 06 73 e9 21 bf d8 c1 38 0f 10 8e 94 67 c9 ae de 62 0f 6a 0d 08 71 f9 00 01 36 e4 d7 e2 f8 fd 7e ad e7 de 90 39 1c a3 5e 29 61 4c ee 81 a2 7b 44 c7 8e 2a b9 2d 76 d2 4b 76 32 2c a9 88 31 c0 6e d9 6b 8d a6 5a 8f 18 9d a2 60 79 ed cb ff 87 06 97 0d 1e 32 a3 56 32 10 9f b9 a9 d2 c4 8b 46 12 b8 5e dc 88 5e 98 61 86 3b 1d 0a 96 7b 16 9e c8 68 27 de 4a 05 5d 6c ca cd 72 ee c9 b5 fc 47 ed 73 37 d8 17 1e 9a eb 56 7a a1 49 00 ec 50 20 44 6e 0c 07 32 6b 0d f0 31 8f 82 17 33 36 ef 77 16 e0 38 a3 78 57 75 ef f7 45 fe d6 da dc 1b 3c a4 60 9b 5a c3 ab 54 de 7c 84 75 4b 00 a2 d8 aa 43 dd 63 24 a2 05 b3 Data Ascii: wxC"!x;1coXkY^{lfHuWDaQs!8gbjq6~9^)aL{D*-vKv2,1nkZ`y2V2F^^a;{h'J]lrGs7VzIP Dn2k136w8xWuE<`ZT\|uKCc$
2024-11-13 19:29:45 UTC	1378	IN	Data Raw: ec 3c 53 7b bd 2b 0d f6 8f 48 d5 27 4c 9d 21 67 cf 13 d5 fd 28 ef 16 fb ab 5b b1 72 6f 45 f7 8a 4f da b3 e7 94 c8 03 e1 ba 8f ea 98 8d ad 70 5b 75 d3 db 31 31 1e 65 20 3f 73 03 a7 8c c0 5d 02 07 98 cf a2 15 9d ee 3b 96 d8 5b 6e bd d6 e7 1c e9 c6 a6 3c ec 04 df 03 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 1b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 8e cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee b9 e4 ce 81 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 1e cc c8 00 69 9f 41 62 95 20 df bd 2c b1 bf 6b be 5b ba 52 77 ca c0 9b 04 7c b7 44 3b 68 e6 61 cf 76 78 4c 3a 74 24 9e d6 21 da de bf f7 1b 89 3f 5c 33 4b 7c e7 5f 9b f5 e1 23 f2 f7 8f ff 83 bf 91 02 97 ae 8d 7f 06 9c bd 4c 5d 83 7b e3 6b 6c 38 41 a1 10 8f 67 d6 26 30 9e 29 6c 6d ce c7 a7 68 e7 66 Data Ascii: <S{+H'L!g([roEOp[u11e ?s];[n<jOpD1j=h&U?%h@Q6PlNf"wiAb ,k[Rw\|D;havxL:t$!?\3K\|_#L]{kl8Ag&0)lmhf
2024-11-13 19:29:45 UTC	1378	IN	Data Raw: 73 be d1 73 8f fe f4 bd 21 33 d5 4d 7a 30 92 e6 a0 73 01 69 4f 6c e7 64 e7 06 c4 1f cd ca 43 29 99 d5 a9 e4 d2 27 1d 24 47 c6 70 b9 db 83 b8 ff e3 7b 43 fd 1c bd 60 8e 2a b8 9e 3b 74 be 19 0c 65 10 ff b7 71 9b 03 75 c2 bc 05 66 42 30 d4 bd 44 4c 1f e0 98 f8 e0 5e 51 d6 09 16 ee 62 8a 41 64 da 7a 3d 5a 33 a2 f1 1d 19 2a c9 80 f3 07 8d 29 4d f6 90 9d 6a f4 d8 56 61 85 9f 3a ce 4e 59 a7 6e a9 e5 ea 31 ff db f8 7b 43 fb aa 2b b5 c2 4c a8 10 57 3e 9d 12 73 e0 51 5f ef a3 40 64 48 ab 09 6b 6a 14 35 a1 2f 83 cb 26 d1 e4 cb 9d b8 cb 6e d2 3d 1d 90 fa 7e 9d 1e 6b cc d2 f8 7b 2e c6 37 f3 df 63 e9 ba ef fe 7d de f2 f4 a7 e7 2c 7f fb ee 20 7d 36 a6 a6 6a 7f 3b 2b 59 eb 18 b5 6f b9 8e 0b c1 c7 7b c1 1d 95 99 f6 ad e8 d4 b5 e8 6c ed 3f a7 af c2 af 3f 73 bf 3d ff ef 77 Data Ascii: ss!3Mz0siOldC)'$Gp{C`;tequfB0DL^QbAdz=Z3)MjVa:NYn1{C+LW>sQ_@dHkj5/&n=~k{.7c}, }6j;+Yo{l??s=w
2024-11-13 19:29:45 UTC	1378	IN	Data Raw: 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 76 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 50 03 fc 66 0a 00 20 00 00 00 00 00 01 00 18 00 00 08 b1 f4 0b 14 db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 3d 6f dc 30 0c dd fb 2b 08 cf 46 70 fd 1c b2 05 08 d0 a1 45 53 a4 59 02 64 61 4e b4 23 48 a6 04 8a 72 72 08 f2 df 4b 9d 7d 08 ce e8 d0 45 03 45 be f7 f8 1e 5f bb bd 10 2a 31 3d 77 97 af dd 44 a5 e0 48 dd 65 f7 e7 c7 d5 ef 2b f8 75 7f 77 d7 bd f5 1d bd e4 88 8c ea 13 a7 61 88 9e c9 f9 82 8f 91 dc f9 d4 75 85 87 ba db d1 17 81 b5 ef 02 6e 26 70 15 66 1f 23 20 cf cb 37 3b 84 ef 29 8d 91 e0 3a 85 3a 11 2b 54 45 06 cf 4a c2 a4 35 e7 90 72 36 84 b1 3f 42 0e df 72 66 Data Ascii: !-_locales/sv/messages.jsonUTPf R=o0+FpESYdaN#HrrK}EE_*1=wDHe+uwaun&pf# 7;)::+TEJ5r6?Brf
2024-11-13 19:29:45 UTC	1378	IN	Data Raw: d6 92 10 e8 84 d6 9a 4c 28 b9 28 68 15 81 3d 3a d0 47 7f 87 f5 aa c5 a0 2c 48 96 b4 9f 93 24 bf 74 ca 3b a4 a0 f9 6a e6 a1 cc 40 81 91 19 30 5d a1 39 7e 39 01 48 39 a0 4f 22 d8 2a e1 e0 08 be e7 cf 6d 6c b8 0b be c9 03 07 28 7d 6a dc e2 3f 42 98 78 2d d6 a1 b1 19 12 f8 68 b4 04 85 9d 97 35 1c 1b 0c 16 5f 55 b4 c5 fe ea 43 28 83 0e 40 08 bf 0d 79 16 7a c3 cf 26 b0 46 00 0e 4b 9e 50 f8 ed 3b 0e 8c 5d 3c 0b 64 ca 72 2e 90 41 1f b1 d4 e7 ed 22 33 dd 46 8d 4d 1a 99 c7 e4 99 3c 21 86 b1 e4 d2 54 27 cf df ef 91 4e 01 0d 30 81 96 55 96 37 4e 3d d0 01 5c b2 ca 55 80 04 ec aa e2 2a 73 90 6b ac 51 58 5b 6a 0a 34 8b b4 b7 4f b0 0d b9 c6 2c a1 85 38 3d c9 71 2f 07 ef 6d df 60 8f b9 82 8c 87 80 43 e8 d4 88 fe 62 9f b4 94 b9 d7 66 ac 7c 82 88 1d 51 d1 f9 61 37 fe 39 d8 Data Ascii: L((h=:G,H$t;j@0]9~9H9O"ml(}j?Bx-h5_UC(@yz&FKP;]<dr.A"3FM<!T'N0U7N=\UskQX[j4O,8=q/m`Cbf\|Qa79
2024-11-13 19:29:45 UTC	1378	IN	Data Raw: ad c4 ca 60 aa 12 70 5b 7b 7a c3 30 ec 7c ed 63 70 f3 2d c2 2b 61 1b 8f d7 00 1b e0 cd 2b ef 78 f7 a3 67 c0 39 32 a9 1f 80 6c 66 17 97 d6 80 80 69 32 ab bf c3 f0 d2 d1 02 c6 d1 d1 ca 7f 28 f3 d3 05 cf d7 e6 67 96 67 73 39 3b dd 9e 5f c5 2e 08 52 5b 60 e6 23 e4 24 80 17 de cf 8c 32 61 22 26 18 40 81 51 37 1a 3d e4 69 36 45 18 6c 38 96 b1 f8 bc 04 25 63 8c 69 6f 0b 8e 93 22 11 da 2b e2 2e dd 3c 66 df 7d 3c c4 05 36 71 e2 c9 b8 a6 7e 66 b3 9b 73 21 3a a7 95 67 38 d4 83 89 c3 d7 91 64 de c5 5b 01 f5 ff a5 13 58 78 d8 a8 54 25 22 24 d8 16 40 cd 81 70 5e c5 3b d8 dd 55 72 b8 9e d6 48 15 06 41 57 68 5b e8 27 30 b1 82 0f e8 09 d8 f8 24 0d ae 73 05 91 20 6f 32 84 0d f0 82 95 ca 25 80 50 f5 46 fa 49 1e 46 5e 38 4e d2 28 ef db ce 9f 18 54 a7 c3 53 4b c7 26 a2 ba e4 Data Ascii: `p[{z0\|cp-+a+xg92lfi2(ggs9;_.R[`#$2a"&@Q7=i6El8%cio"+.<f}<6q~fs!:g8d[XxT%"$@p^;UrHAWh['0$s o2%PFIF^8N(TSK&
2024-11-13 19:29:45 UTC	1378	IN	Data Raw: 58 0d 04 41 31 f1 f1 a8 15 a1 54 1e 5a 8d 72 3d e2 47 40 31 01 b6 e2 e3 20 ba 53 87 b9 64 39 96 a9 1f 50 8d c3 df 89 4f 3c 44 83 14 ce e2 33 f3 a3 46 d1 e2 45 58 a7 2c f7 48 0a 04 81 50 14 d0 11 86 4d 66 e7 ff be d5 aa ce 18 47 ec d9 2c f8 22 13 e5 35 27 b7 b0 97 2a bf 2c 0b d7 07 48 d7 30 c9 86 93 1f b0 17 3e b8 b1 bc a7 01 17 51 9c 66 55 50 9a b0 bb 80 25 f5 6f 33 e1 cf d4 9d 1c 93 ba 54 72 a7 e2 f6 75 97 90 fe 6f d2 46 10 67 11 75 4c 7e d0 94 af e3 4d 5d b4 38 17 ad 83 c4 09 26 df 24 fb 10 6d 5d e5 56 f8 11 0d 2d bb f3 2c 35 9d 43 aa d3 dc cc 21 ae 95 db 49 63 90 e8 bb b5 a2 31 68 28 4f c1 46 84 c4 ae 85 65 77 6e 1d 5c 72 28 c5 cb d9 9f 0c 82 36 6a 85 c3 0c cb 86 67 50 98 fd a8 5e 6f c5 03 8b 54 f3 c2 30 f0 94 72 6d 96 45 e2 75 68 b3 3c 02 83 6b 79 2f Data Ascii: XA1TZr=G@1 Sd9PO<D3FEX,HPMfG,"5'*,H0>QfUP%o3TruoFguL~M]8&$m]V-,5C!Ic1h(OFewn\r(6jgP^oT0rmEuh<ky/
2024-11-13 19:29:45 UTC	1378	IN	Data Raw: 14 0d 73 e2 64 7e de 02 18 e4 0f c3 f4 76 5f 5c be dd ce 6f 88 69 ac e4 50 fa ee 07 ab c8 a0 8b 52 e9 bb 55 6b fa 9f c6 22 3c 29 b7 da 31 d5 9e ae 5a b0 94 e9 7c 5c e7 66 a1 94 56 e8 81 c0 57 d2 a5 5b 41 6a 0e 92 60 dd 9b c4 c3 77 12 c5 dc 29 96 c5 76 0c 56 10 bf 85 d3 7f df 78 05 8d e2 78 fc 2e d0 e2 68 c5 5e ba e2 78 a2 f7 ae 74 a2 c9 5d 23 c5 a1 dd 77 87 05 87 09 52 cb 31 68 27 3d 4b 9d 65 b2 de 77 fd b1 ff 96 4d 3f 5e 60 b9 1e 38 a4 9e c8 b0 ea d5 db 24 51 55 05 52 b6 f2 27 f0 e4 fd 6c 75 91 a7 7f 43 1e 77 ee c0 54 0b 56 cd 31 4f 5e ee ea 9b de 9a b3 38 11 b7 da d9 f9 e5 0f 50 4b 07 08 fd 45 55 f9 17 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6d 6e 2f 6d 65 Data Ascii: sd~v_\oiPRUk"<)1Z\|\fVW[Aj`w)vVxx.h^xt]#wR1h'=KewM?^`8$QUR'luCwTV1O^8PKEUPK!-_locales/mn/me

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:46 UTC	446	OUT	POST /ppsecure/deviceaddcredential.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 7642 Host: login.live.com
2024-11-13 19:29:46 UTC	7642	OUT	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 68 65 64 78 6d 74 6f 78 61 7a 67 64 79 65 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 29 68 74 2f 4a 66 44 51 68 72 4d 4d 70 74 4f 56 4a 4e 4f 6a 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 61 6b 71 72 6c 66 67 75 6b 69 6a 65 76 6c 3c 2f 4f 6c 64 4d Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02hedxmtoxazgdye</Membername><Password>)ht/JfDQhrMMptOVJNOj</Password></Authentication><OldMembername>02akqrlfgukijevl</OldM
2024-11-13 19:29:48 UTC	542	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/xml Expires: Wed, 13 Nov 2024 19:28:46 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C528_BL2 x-ms-request-id: 2d76d48b-241a-4fca-a4ab-b80f12190d9b PPServer: PPV: 30 H: BL02EPF0001D973 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 13 Nov 2024 19:29:47 GMT Connection: close Content-Length: 17166
2024-11-13 19:29:48 UTC	15842	IN	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 43 30 30 46 31 31 35 32 30 37 34 34 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 31 35 66 34 30 31 31 63 2d 66 62 35 66 2d 34 32 66 63 2d 39 62 38 37 2d 64 32 35 30 30 36 62 66 65 31 31 61 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>0018C00F11520744</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="15f4011c-fb5f-42fc-9b87-d25006bfe11a" LicenseID="3252b20c-d425-4711
2024-11-13 19:29:48 UTC	1324	IN	Data Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66 Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:46 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-13 19:29:46 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-13 19:29:46 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 13 Nov 2024 19:29:46 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e212c297f90e530-DFW alt-svc: h3=":443"; ma=86400
2024-11-13 19:29:46 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 17 00 04 8e fa 73 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcoms^)

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:47 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-13 19:29:47 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-13 19:29:47 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 13 Nov 2024 19:29:47 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e212c2d5c643177-DFW alt-svc: h3=":443"; ma=86400
2024-11-13 19:29:47 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 af 00 04 8e fa 72 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomr^)

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:47 UTC	486	OUT	GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: ArbitrationService Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:29:48 UTC	532	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:29:48 GMT Content-Type: application/octet-stream Content-Length: 11989 Connection: close Last-Modified: Tue, 12 Nov 2024 18:29:51 GMT ETag: 0x8DD0347FEE0231F x-ms-request-id: e1e2ba06-201e-0034-5d02-36c7af000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241113T192948Z-1749fc9bdbdhnf7rhC1DFWgd0n00000001d000000000nggk Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-13 19:29:48 UTC	11989	IN	Data Raw: 7b 0d 0a 20 20 22 63 6f 6e 66 69 67 56 65 72 73 69 6f 6e 22 3a 20 33 32 2c 0d 0a 20 20 22 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 73 22 3a 20 5b 0d 0a 20 20 20 20 22 53 68 6f 72 65 6c 69 6e 65 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 49 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 43 4f 55 50 4f 4e 53 5f 43 48 45 43 4b 4f 55 54 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 4c 4f 57 45 52 5f 50 52 49 43 45 5f 46 4f 55 4e 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 42 49 4e 47 5f 53 45 41 52 43 48 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 52 45 42 41 54 45 Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:47 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:29:48 UTC	556	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:29:48 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Thu, 07 Nov 2024 20:03:34 GMT ETag: 0x8DCFF6742E8F24C x-ms-request-id: 16fac629-101e-001e-4202-36b2ea000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241113T192948Z-1749fc9bdbdjjp8thC1DFWye6g00000001bg00000000gvy4 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-13 19:29:48 UTC	15828	IN	Data Raw: 1f 8b 08 08 16 1d 2d 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: -gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-11-13 19:29:48 UTC	16384	IN	Data Raw: 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 c1 d0 1d 5d d0 58 b3 51 22 09 e8 37 c0 b1 dc 86 43 a9 41 db Data Ascii: e\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:]XQ"7CA
2024-11-13 19:29:48 UTC	16384	IN	Data Raw: 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b 70 5a 19 73 3e 85 d2 c6 f8 80 22 71 cd f5 40 34 cd c4 ce 27 Data Ascii: kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|crkXpZs>"q@4'
2024-11-13 19:29:48 UTC	16384	IN	Data Raw: 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc 9c d4 76 22 35 66 3f 5d d9 fb 8e 7d 65 84 fb 4f 5b 04 9b a8 Data Ascii: _CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;v"5f?]}eO[
2024-11-13 19:29:48 UTC	5227	IN	Data Raw: 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e 26 d2 d8 ca 80 2c 56 f9 34 27 86 21 28 e6 0e 92 0c 4e 75 b7 Data Ascii: a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.&,V4'!(Nu

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:49 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:29:49 UTC	584	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:29:49 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: 94bdde0a-901e-0004-24a7-359d85000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241113T192949Z-r178fb8d765dbczshC1DFW33an00000001bg00000000a4c6 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 19:29:49 UTC	15800	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-11-13 19:29:49 UTC	16384	IN	Data Raw: a5 38 7d a8 02 c7 0a 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 Data Ascii: 8}u&U\h\|[T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5Qa
2024-11-13 19:29:49 UTC	16384	IN	Data Raw: 56 c6 75 11 82 12 e0 b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 Data Ascii: Vu,(T$&O7gkD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35Q
2024-11-13 19:29:49 UTC	16384	IN	Data Raw: 15 3e 36 a4 6a 67 7e 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 Data Ascii: >6jg~B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM]z_]y]DZgtc>qDX\\M
2024-11-13 19:29:49 UTC	16384	IN	Data Raw: e5 2e b7 93 a4 b3 90 c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 Data Ascii: .kp4k@?lk/IyMR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~C
2024-11-13 19:29:50 UTC	16384	IN	Data Raw: df 26 b7 09 e8 f5 8c 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c Data Ascii: &{M1eIwyfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l
2024-11-13 19:29:50 UTC	16384	IN	Data Raw: c0 77 d7 f0 0b 75 ef b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e Data Ascii: wuO n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>
2024-11-13 19:29:50 UTC	16384	IN	Data Raw: 8f 67 d5 e8 e4 34 eb e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 Data Ascii: g4,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
2024-11-13 19:29:50 UTC	16384	IN	Data Raw: c8 b1 0e c3 45 a4 cf 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 Data Ascii: E4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vH
2024-11-13 19:29:50 UTC	16384	IN	Data Raw: 94 22 1e 7d b0 6a 95 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 Data Ascii: "}jVG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:50 UTC	734	OUT	POST /api/browser/edge/data/toptraffic/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 746 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiSnRLaks5T3R1UnpOQU9mb0JDbGJ1UT09IiwgImhhc2giOiJnQUVIZzRXT1NTaz0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "170540185939602997400506234197983529371" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-13 19:29:50 UTC	746	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-13 19:29:50 UTC	252	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:29:50 GMT Content-Type: application/octet-stream Content-Length: 460992 Connection: close Server: Kestrel ETag: "638004170464094982" Request-Context: appId=cid-v1:a302ffdc-66e2-4f15-929a-164afd2d2584
2024-11-13 19:29:50 UTC	16132	IN	Data Raw: 00 01 b7 32 6c 49 bd 35 18 3c 43 00 3b d3 7b 9a 00 08 16 f5 5f 2b 6a 45 e7 a6 60 9a c2 7d 9c 16 00 0c 2d 9e cc 04 23 e9 41 f4 82 16 a9 4b 52 db 00 0c 6c e3 4d 30 2c 73 87 bc fb 29 94 39 d4 c2 00 0c b4 d9 e2 eb e5 8f d8 b5 78 ca fa c6 82 9e 00 0c da 46 f1 62 1d cd 1e ab c5 cd 6a 55 ed dc 00 0e 79 d2 8a 68 27 a0 d5 e5 e5 89 bf 4c 3c 1f 00 12 2a 1f c4 5a 99 f8 2a 25 e9 2a 92 1a f6 5f 00 14 b2 67 12 34 79 75 12 bc d6 99 a8 99 1c cc 00 14 c8 bf 10 27 63 3d b9 cd 49 30 99 bf d3 a1 00 17 f8 9d 81 a3 94 71 57 f8 bf 3c 3a 4e ba d2 00 1a 3c bc a6 55 f9 2c 4d 69 94 e9 c9 5f b9 8c 00 1f 17 b3 27 28 0e f5 55 df 39 10 21 05 ce 96 00 1f bc ff bf d8 75 92 d1 13 89 37 0b 86 dc 34 00 20 98 bc 45 61 f8 b8 0d 34 2e 2b fb 37 39 6b 00 21 54 ca 2d 35 57 fb 9f 21 b8 d7 9a 40 2b Data Ascii: 2lI5<C;{_+jE`}-#AKRlM0,s)9xFbjUyh'L<Z%*_g4yu'c=I0qW<:N<U,Mi_'(U9!u74 Ea4.+79k!T-5W!@+
2024-11-13 19:29:50 UTC	16384	IN	Data Raw: b8 6c 65 b5 81 d7 e8 96 a2 f6 fb f5 08 e9 4a 27 41 5a ef 9e 20 88 b1 dd 92 43 f1 c7 08 f6 31 2a b4 6b b0 d0 7b af f2 6e c0 3b 30 49 08 f7 14 46 2e c2 8e a1 9b 56 f6 89 ff 89 a1 a1 08 f8 86 49 94 74 f7 df c7 92 d3 f1 d5 09 db a4 08 f9 bb 85 2c 48 b7 6a b2 fe 9c 06 4c 91 ba af 08 fb 12 e5 67 95 f2 51 95 31 42 c4 14 92 6c 77 08 fb aa 20 c5 0c 96 4a 9a 6f 2e 40 d4 2b fd 90 08 fe aa 92 f9 b3 b3 8f b8 65 27 9b b9 df 14 f7 09 00 34 db 44 0d dd 66 70 53 8f 0b 31 18 8b ba 09 05 38 28 fa 80 5f eb 56 83 46 d1 dd 83 34 b7 09 06 35 0d 42 c1 3f 91 ee 97 ed f4 31 68 37 32 09 08 35 c9 14 24 10 2f b5 80 ac f7 9a 16 e6 e2 09 08 7a 82 38 a3 08 0b 00 2c 62 9c d0 2e d2 c4 09 09 d1 da a7 a8 16 cd 89 e5 ac fe b9 cc 8e 69 09 0e 20 d3 38 58 e2 6b 84 a1 e7 75 97 ad 75 61 09 0e 4d Data Ascii: leJ'AZ C1*k{n;0IF.VIt,HjLgQ1Blw Jo.@+e'4DfpS18(_VF45B?1h725$/z8,b.i 8XkuuaM
2024-11-13 19:29:50 UTC	16384	IN	Data Raw: 88 ca 0d 74 ff b7 03 d5 0b 17 29 2e 12 86 39 8d 65 51 d1 6b 43 f6 37 a6 5e 4e 7e d5 12 8c a6 4c a1 b4 9a f4 6b 69 49 eb 0d 33 90 eb 12 8f 60 36 ec 98 cd 7f 6a 59 fe c5 d1 d5 4b 38 12 92 da 96 3e 8a fd ee fb c5 ac d0 29 b4 8e 13 12 95 25 87 d8 33 f2 c0 16 e8 0f 63 67 d6 78 d1 12 96 03 01 99 d8 95 ea 2c 0a f8 85 62 05 db 93 12 96 52 aa 59 60 de e6 e9 8c 23 d4 b7 c1 34 3d 12 96 bf ae d0 b9 c2 92 db f1 41 07 61 b1 82 5d 12 97 53 89 b5 7c fd 88 82 19 c7 b1 b0 0f af ed 12 98 30 32 6a a5 03 4e 26 db 95 be 1b a9 a3 e2 12 9a ea fe 35 92 c8 f4 3b 7a 18 36 80 cb 78 bf 12 9b 33 a3 9e d9 7b 54 c8 7b da 3b ed a8 dd 25 12 9b 98 d3 83 cc 49 8e 52 58 13 7e 3f 04 d9 af 12 9c 0d 11 dc 93 65 32 c4 f0 f6 a9 12 25 13 25 12 9c 28 31 10 8a f9 38 40 df 1f 08 9f 08 d4 71 12 9f 71 Data Ascii: t).9eQkC7^N~LkiI3`6jYK8>)%3cgx,bRY`#4=Aa]S\|02jN&5;z6x3{T{;%IRX~?e2%%(18@qq
2024-11-13 19:29:50 UTC	16384	IN	Data Raw: 8c e6 1b 88 d1 53 7d a1 f2 bc f6 d3 1b bd 38 be aa 88 bb f2 1c 05 de ac 2c b3 63 c3 1b bf d8 bc e5 a8 4c 42 a1 5e 7d 76 56 07 18 dd 1b c1 05 6e 7a a0 f3 27 8e eb 4f 29 e6 e0 a0 2a 1b c2 a1 45 60 4f 19 d0 fa 94 66 c2 31 56 e0 ac 1b c3 58 61 04 7c 91 76 1b 27 0c 2e 05 4d 26 17 1b c4 0f 81 e0 48 ff 13 e9 e7 fd ae 77 76 47 85 1b c5 d5 9a 68 ef 46 53 52 de 8b 1c 3a 7b 4f 53 1b cc c2 c4 df 4d dc 18 9f 1a a6 aa 47 f5 9f 2e 1b cd 8c 32 11 55 08 6c 9c 2f 0b 09 34 58 ca d2 1b cf 2c 48 15 0b dd b9 a9 cc 90 e8 14 76 e1 c7 1b d1 50 e1 1f 03 b2 ff 0f ab b3 c3 a2 cf c2 1a 1b d6 7a 97 41 b9 a0 2a 37 7b ba 9a 0a 00 47 56 1b da a2 08 31 23 96 3c 24 0a b0 10 2f 5e b6 c3 1b dc 15 6b ce f9 b8 64 db f8 fb 84 2a d6 02 9b 1b dc 58 1e e3 44 3f fb c2 e7 7f 97 d4 41 5f 1c 1b dc 83 Data Ascii: S}8,cLB^}vVnz'O)E`Of1VXa\|v'.M&HwvGhFSR:{OSMG.2Ul/4X,HvPzA7{GV1#<$/^kd*XD?A_
2024-11-13 19:29:51 UTC	16384	IN	Data Raw: 9c f0 8f 05 68 32 cf 23 af 0f e9 31 25 17 e2 83 8c a0 e0 45 41 22 69 ae 51 16 97 9e 25 19 94 88 65 65 22 da 5c e4 68 67 07 cf 5f 7a 25 1e 6a 2e 6e bf 40 39 a7 91 dd 9f 82 5c b4 be 25 21 01 14 90 ab fe fa c5 d4 0a 62 0b cd 30 e1 25 21 03 7a 48 db 3d 1f b8 bc 66 91 12 c8 41 7f 25 24 00 6f 09 69 7b 22 bc d0 5a 82 9d c8 cb 00 25 24 76 95 60 1f 20 bf 51 8e ef 43 af 74 27 17 25 24 d0 90 ec 4d 35 f3 3b 75 d1 b6 56 62 63 3e 25 25 bd 14 86 f0 f0 dc 12 c9 55 32 f1 85 66 4f 25 25 de ea a2 0c 7b b9 31 02 c3 fc 10 0f 92 23 25 27 0a 2e 12 37 63 79 36 e7 03 6f 4c 1e 67 7e 25 29 ef 20 dd 60 cb e0 1f 91 82 96 c4 38 ef d3 25 2c 0d 19 1e 65 a3 27 9b 58 e2 44 e3 80 93 37 25 2c e2 18 e3 78 51 0e b2 f9 62 26 e5 78 8f 9f 25 36 84 bd bb 8f cc a6 bc 42 a8 bf 22 b0 f1 a9 25 3a 54 Data Ascii: h2#1%EA"iQ%ee"\hg_z%j.n@9\%!b0%!zH=fA%$oi{"Z%$v` QCt'%$M5;uVbc>%%U2fO%%{1#%'.7cy6oLg~%) `8%,e'XD7%,xQb&x%6B"%:T
2024-11-13 19:29:51 UTC	16384	IN	Data Raw: b6 07 8f 44 9d 29 36 4f 29 8a 7d 80 2e 1d 98 b7 c7 17 54 cd a1 2b c2 e9 29 21 98 f9 2e 1f 4a 0d ee 13 3f 5a 00 ff e7 0d f0 d4 1c 86 2e 21 27 d4 ff 4a 83 22 1e 86 3f 93 6b 62 a1 0e 2e 25 e1 37 a1 70 d4 f6 b3 17 bd e9 dd 8d 2a 44 2e 26 32 0d f4 82 4c f6 14 9e 97 92 23 fa 52 37 2e 2a 40 96 f4 4d 34 89 21 f2 49 39 e8 d3 d3 19 2e 2b ef 39 f1 8a 4a 7e 28 b9 d0 be 00 6f 35 68 2e 2e 95 d3 bd e3 e7 a0 d6 d0 25 5e 0d b7 b5 a5 2e 31 ce 53 a9 54 e0 3b 3c 2f fc 4d eb 0f a5 e1 2e 33 1e 46 e8 3a 01 30 91 17 49 f3 33 11 46 79 2e 36 b7 bb 07 e4 6d 92 d5 42 49 d7 e5 49 f4 85 2e 36 e8 96 57 36 97 bb 40 7a 3b ca 8a e0 7e 53 2e 3a 1e f2 97 75 d6 ae 4f f5 85 eb 36 38 65 e5 2e 3a 59 df c9 6e 75 92 ac 40 ac 59 a6 fd e4 1c 2e 3b 8e 5c 94 1d 75 39 54 06 13 6b 6e 7f ef 30 2e 43 e8 Data Ascii: D)6O)}.T+)!.J?Z.!'J"?kb.%7pD.&2L#R7.@M4!I9.+9J~(o5h..%^.1ST;</M.3F:0I3Fy.6mBII.6W6@z;~S.:uO68e.:Ynu@Y.;\u9Tkn0.C
2024-11-13 19:29:51 UTC	16384	IN	Data Raw: 02 f3 ca e4 05 cb a0 be 15 69 62 32 37 3c 37 3b db 81 8a b2 df cf ef b1 79 3f f8 ae 37 3d a3 01 e8 95 76 a1 63 78 77 2e 93 42 3d 4f 37 3e c4 08 a5 37 4f 84 43 dc 19 00 a9 8f 2e 0d 37 3f 82 55 cb cd 06 b9 0c 0d 94 f9 4f d6 82 e8 37 44 09 28 b8 33 ef b7 ee 6b 4c 90 ee e0 d1 3a 37 44 83 9a 56 2d 6a 58 ea 6b e5 8f 6a 1d 17 23 37 47 0f 55 f8 2b 1c 30 89 3a 1d e2 21 89 b7 42 37 4b 86 38 d0 cd 9f 96 62 d8 da bf d5 15 ed cb 37 4e 81 34 2b 0e ea ab 6f ae 29 15 59 32 ae 46 37 50 d2 0c 2a e2 ca 59 ec 21 86 70 f9 7a 6c d1 37 55 32 b2 91 f0 e7 b8 47 d0 f7 0f 64 90 d9 51 37 56 ce 44 24 61 58 d7 f8 d4 0d 8b fe 3d b0 27 37 58 1f 24 d2 a5 24 9c d7 5c 5a 71 f9 e9 f2 a3 37 58 9d d0 f0 06 3a 05 be 08 d9 90 bc 18 0d 71 37 5d 04 71 81 05 8e b6 9b 24 f2 54 35 1b 18 46 37 62 eb Data Ascii: ib27<7;y?7=vcxw.B=O7>7OC.7?UO7D(3kL:7DV-jXkj#7GU+0:!B7K8b7N4+o)Y2F7P*Y!pzl7U2GdQ7VD$aX='7X$$\Zq7X:q7]q$T5F7b
2024-11-13 19:29:51 UTC	16384	IN	Data Raw: 30 9b b9 2f 98 88 40 3b cc 98 d2 59 40 6d c4 d7 67 2a f1 8a f6 d5 d3 92 a9 c6 13 1d 40 71 5f 29 26 14 e2 86 f2 b1 3c d6 fc 07 07 4a 40 77 d4 86 06 be 80 6f b2 fd e4 19 fe 6b 6a 94 40 78 4d f5 b9 67 58 78 83 29 63 04 29 22 98 8d 40 7a 85 3f 10 18 78 19 d3 be 45 8d 0e 49 7b bb 40 7b 5d c5 55 97 e5 9d 35 9d 27 93 51 1d be 21 40 7d 42 88 f1 ca 9d ba 2a 28 3a f8 72 71 ba c7 40 7e 4d cf f4 13 b8 8f f1 9c e6 e4 a8 50 74 d0 40 80 bb 51 db 04 52 b7 b2 f3 5f dc db 6d 4b de 40 88 e2 91 a0 6c 67 8c d2 0b 9f d2 91 ca 6d 22 40 8a b9 d3 6a f9 07 64 05 ea 52 dc 44 82 0b 38 40 8b 54 ce 67 df 8c a3 48 2d 96 f6 ed e4 cf 78 40 8e 78 fd f9 d7 db ac 12 a0 80 27 db 9f 14 42 40 90 00 78 66 ff 66 2b 58 9f 18 13 aa 3d 6e b3 40 90 fa a1 0b 8e ee 2b 73 4b 59 c6 c9 b1 84 9b 40 93 53 Data Ascii: 0/@;Y@mg@q_)&<J@wokj@xMgXx)c)"@z?xEI{@{]U5'Q!@}B(:rq@~MPt@QR_mK@lgm"@jdRD8@TgH-x@x'B@xff+X=n@+sKY@S
2024-11-13 19:29:51 UTC	16384	IN	Data Raw: 66 82 7d 26 60 5e 84 ec 72 2a af 39 49 bb 12 c2 0a 6a 68 a1 f1 aa 3c 93 f9 79 13 0e 49 bb 81 dd 8c 7e 5d 19 6b 54 60 33 c1 1e 70 56 49 bc df 84 ed 14 a3 5d 07 06 25 84 6a 95 02 e0 49 bd eb 48 24 83 1e f1 e0 29 fe 9e e6 22 da 07 49 c1 2d 65 e8 79 f6 32 c8 9b 5b 3f 1a a8 9d b9 49 c4 33 af 97 7a e9 a1 ba ed 12 d0 a3 40 1e 42 49 c5 09 f1 9f 2c bb 61 75 14 cf 80 9c 0e 85 9e 49 c8 81 16 cb ae 60 54 25 eb 75 fe e4 b5 16 8c 49 cc 62 7c 10 80 46 f7 71 86 18 7b bd ea 45 5f 49 cd ad e9 e7 ee e9 a2 7e 24 2e 10 93 70 b0 ad 49 d1 bc ac 01 05 b1 9b be b4 f8 4e e6 0c 0d ac 49 d2 4b be 25 0a bd 70 d0 f7 10 c2 d7 38 8b f2 49 d4 c5 71 4c 7f 7a 2a 83 c3 c3 50 d2 c2 4c 3e 49 d5 40 eb ee b7 40 f4 16 fe b4 e7 35 d0 25 e3 49 d6 e7 89 68 04 ba a1 f5 37 3f 51 0a 5e cc 25 49 da b4 Data Ascii: f}&`^r9Ijh<yI~]kT`3pVI]%jIH$)"I-ey2[?I3z@BI,auI`T%uIb\|Fq{E_I~$.pINIK%p8IqLzPL>I@@5%Ih7?Q^%I

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:52 UTC	698	OUT	POST /api/browser/edge/data/settings/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 739 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiUGdzM2srREdzY2x5OFFJUi81elQxdz09IiwgImhhc2giOiIvTVg2cjhZVytSWT0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "2.0-0" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-13 19:29:52 UTC	739	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-13 19:29:52 UTC	302	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:29:52 GMT Content-Type: application/octet-stream Content-Length: 130439 Connection: close Server: Kestrel ETag: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1" Request-Context: appId=cid-v1:a302ffdc-66e2-4f15-929a-164afd2d2584
2024-11-13 19:29:52 UTC	16082	IN	Data Raw: 7b 0d 0a 20 20 22 67 65 6f 69 64 4d 61 70 73 22 3a 20 7b 0d 0a 20 20 20 20 22 61 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 75 73 74 72 61 6c 69 61 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 63 68 22 3a 20 22 68 74 74 70 73 3a 2f 2f 73 77 69 74 7a 65 72 6c 61 6e 64 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 65 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 65 75 72 6f 70 65 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 66 66 6c 34 22 3a 20 22 68 74 74 70 73 3a 2f 2f 75 6e 69 74 65 64 73 74 61 74 65 73 31 2e 73 73 2e 77 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 75 73 2f 22 2c 0d 0a Data Ascii: { "geoidMaps": { "au": "https://australia.smartscreen.microsoft.com/", "ch": "https://switzerland.smartscreen.microsoft.com/", "eu": "https://europe.smartscreen.microsoft.com/", "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",
2024-11-13 19:29:52 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 30 39 63 34 37 36 32 37 62 63 35 33 33 62 35 39 32 34 61 30 35 35 61 30 34 62 63 34 63 33 33 65 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 39 2e 35 38 33 34 34 30 31 37 37 34 34 37 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 36 33 34 65 62 32 30 64 62 35 30 38 65 33 61 33 31 62 36 31 34 38 31 61 32 35 31 62 66 39 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 33 33 37 30 36 38 35 39 32 37 38 32 37 33 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: { "key": "09c47627bc533b5924a055a04bc4c33e", "value": 9.58344017744784 }, { "key": "e634eb20db508e3a31b61481a251bf93", "value": -0.337068592782735
2024-11-13 19:29:52 UTC	16384	IN	Data Raw: 30 37 37 37 34 37 33 33 30 39 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 31 32 62 62 65 66 63 30 35 64 35 31 34 32 65 37 65 62 36 38 36 66 61 64 38 64 65 61 39 32 31 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 35 37 31 37 37 35 33 31 31 38 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 65 35 66 62 38 64 66 31 32 35 61 34 37 32 31 64 31 64 66 33 32 38 62 63 36 66 32 64 64 65 61 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a Data Ascii: 07774733095 }, { "key": "12bbefc05d5142e7eb686fad8dea9211", "value": -1.05717753118094 }, { "key": "ce5fb8df125a4721d1df328bc6f2ddea", "value":
2024-11-13 19:29:52 UTC	16384	IN	Data Raw: 20 2d 31 2e 39 30 31 33 34 36 37 39 37 33 36 34 32 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 66 32 33 35 64 63 66 36 62 34 32 39 62 61 34 31 36 64 63 65 37 34 64 34 62 36 66 62 63 34 37 62 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 31 2e 32 36 30 31 38 31 31 38 35 36 30 38 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 38 66 31 37 64 37 34 30 33 61 63 35 66 66 32 38 39 36 61 37 31 33 61 37 31 37 35 65 64 31 39 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 Data Ascii: -1.9013467973642 }, { "key": "f235dcf6b429ba416dce74d4b6fbc47b", "value": 1.26018118560884 }, { "key": "c8f17d7403ac5ff2896a713a7175ed19", "va
2024-11-13 19:29:52 UTC	16384	IN	Data Raw: 36 62 64 32 65 65 33 36 63 30 33 66 36 66 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 35 2e 38 35 39 38 36 34 33 39 33 34 36 35 37 36 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 66 64 32 61 66 36 30 63 38 35 30 31 39 33 31 63 62 39 63 37 33 36 62 35 61 64 37 34 66 36 35 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 33 2e 39 35 36 39 39 35 33 35 33 36 34 30 30 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 32 63 38 34 38 35 34 38 64 34 36 30 63 Data Ascii: 6bd2ee36c03f6f", "value": 5.85986439346576 }, { "key": "efd2af60c8501931cb9c736b5ad74f65", "value": 3.95699535364003 }, { "key": "2c848548d460c
2024-11-13 19:29:53 UTC	16384	IN	Data Raw: 20 22 6b 65 79 22 3a 20 22 65 31 36 38 36 30 37 38 64 31 62 36 30 64 33 35 31 64 61 35 61 38 37 35 34 33 61 32 61 36 36 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 37 2e 35 30 36 36 35 35 32 34 32 36 32 35 35 31 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 33 61 33 34 31 37 66 35 66 32 30 61 30 33 61 39 38 39 37 33 36 38 39 38 38 37 66 62 37 32 61 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 37 34 39 32 32 35 31 37 36 34 32 37 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 Data Ascii: "key": "e1686078d1b60d351da5a87543a2a663", "value": 7.50665524262551 }, { "key": "3a3417f5f20a03a98973689887fb72a2", "value": -1.74922517642794 }, {
2024-11-13 19:29:53 UTC	16384	IN	Data Raw: 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 62 30 64 61 32 37 35 35 32 30 39 31 38 65 32 33 64 64 36 31 35 65 32 61 37 34 37 35 32 38 66 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 39 37 36 31 34 30 37 39 32 39 31 35 33 37 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 66 61 62 31 62 61 38 63 36 37 63 37 63 38 33 38 64 62 39 38 64 36 36 36 66 30 32 61 31 33 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 31 31 37 38 37 35 38 36 30 34 35 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a Data Ascii: { "key": "b0da275520918e23dd615e2a747528f1", "value": -0.976140792915373 }, { "key": "cfab1ba8c67c7c838db98d666f02a132", "value": -1.11787586045094 },
2024-11-13 19:29:53 UTC	16053	IN	Data Raw: 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 64 65 39 35 62 34 33 62 63 65 65 62 34 62 39 39 38 61 65 64 34 61 65 64 35 63 65 66 31 61 65 37 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 33 33 31 39 35 35 36 37 30 31 31 37 37 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 61 64 64 65 63 34 32 36 39 33 32 65 37 31 33 32 33 37 30 30 61 66 61 31 39 31 31 66 38 66 31 63 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 30 2e 31 36 30 39 38 34 33 32 38 39 38 35 39 32 34 0d Data Ascii: }, { "key": "de95b43bceeb4b998aed4aed5cef1ae7", "value": -1.03319556701177 }, { "key": "addec426932e71323700afa1911f8f1c", "value": 0.160984328985924

Timestamp	Bytes transferred	Direction	Data
2024-11-13 19:29:52 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-13 19:29:52 UTC	536	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 19:29:52 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: 848dde1d-101e-005a-5fa3-2c6e86000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241113T192952Z-16547b76f7fr4g8xhC1DFW9cqc0000000gp000000000x3nv Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 19:29:52 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<