Edit tour

Windows Analysis Report
YF3YnL4ksc.exe

Overview

General Information

Sample name:	YF3YnL4ksc.exe
Analysis ID:	1577203
MD5:	5fb35c53e68fc1fa0d555db9fcda099f
SHA1:	828bd14a630b4ff78d5159876ab004c8fd3e63cc
SHA256:	032fbff0c808c0de5d363a06a2dad711486cc4d05642858190cc3f8b0b56ba2e
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large array initializations

Allocates memory in foreign processes

Contains functionality to inject code into remote processes

Injects a PE file into a foreign processes

Maps a DLL or memory area into another process

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Sigma detected: Potential Data Stealing Via Chromium Headless Debugging

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Writes a notice file (html or txt) to demand a ransom

Writes many files with high entropy

Writes to foreign memory regions

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Enables security privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Browser Execution In Headless Mode

Sigma detected: Browser Started with Remote Debugging

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64native

YF3YnL4ksc.exe (PID: 3368 cmdline: "C:\Users\user\Desktop\YF3YnL4ksc.exe" MD5: 5FB35C53E68FC1FA0D555DB9FCDA099F)

Job Description.exe (PID: 7432 cmdline: "C:\Users\user\AppData\Local\Temp\Job Description.exe" MD5: C20EF77017D4930161CA76C2F2C70A8E)

Rader_OS.exe (PID: 10968 cmdline: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe MD5: 0A914DEC9E5D43DFA78DBA6638491859)

Rader_OS.exe (PID: 10316 cmdline: "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=14210420194471320556 --mojo-platform-channel-handle=1744 --ignored=" --type=renderer " /prefetch:2 MD5: 0A914DEC9E5D43DFA78DBA6638491859)

Rader_OS.exe (PID: 10308 cmdline: "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar\preload.js" --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8872924468974316961 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1 MD5: 0A914DEC9E5D43DFA78DBA6638491859)

chrome.exe (PID: 8360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain --user-data-dir=C:\Users\user\AppData\Local\Local-Data --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank MD5: DB46628EA19F23DEF3D3639E33431AD6)

chrome.exe (PID: 8808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Local-Data" --no-subproc-heap-profiling --field-trial-handle=1976,i,4805155226236665838,16544324395876925011,262144 --enable-features=NetworkService,NetworkServiceInProcess --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version=20240910-180202.367000 --mojo-platform-channel-handle=2020 /prefetch:3 MD5: DB46628EA19F23DEF3D3639E33431AD6)

cmd.exe (PID: 1252 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

taskkill.exe (PID: 10500 cmdline: taskkill /F /IM msedge.exe /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 10564 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 10592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

taskkill.exe (PID: 10492 cmdline: taskkill /F /IM msedge.exe /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 10872 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

taskkill.exe (PID: 9880 cmdline: taskkill /F /IM msedge.exe /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 3392 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 10344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

taskkill.exe (PID: 8152 cmdline: taskkill /F /IM msedge.exe /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 7668 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

taskkill.exe (PID: 10084 cmdline: taskkill /F /IM msedge.exe /T MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

msedge.exe (PID: 1972 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain "--user-data-dir=C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank MD5: F755556B2CE14570A86FB983EEA72F97)

msedge.exe (PID: 10716 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --field-trial-handle=2016,i,13634299322002045715,6805554880547277524,262144 --enable-features=NetworkService,NetworkServiceInProcess,msMetricsLogFastStartup,msSendMetricsLogOnClose --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3 MD5: F755556B2CE14570A86FB983EEA72F97)

msedge.exe (PID: 4712 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --field-trial-handle=4552,i,13634299322002045715,6805554880547277524,262144 --enable-features=NetworkService,NetworkServiceInProcess,msMetricsLogFastStartup,msSendMetricsLogOnClose --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:8 MD5: F755556B2CE14570A86FB983EEA72F97)

msedge.exe (PID: 3632 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --onnx-enabled-for-ee --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --field-trial-handle=4572,i,13634299322002045715,6805554880547277524,262144 --enable-features=NetworkService,NetworkServiceInProcess,msMetricsLogFastStartup,msSendMetricsLogOnClose --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version --mojo-platform-channel-handle=4728 /prefetch:8 MD5: F755556B2CE14570A86FB983EEA72F97)

Rader_OS.exe (PID: 10772 cmdline: "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar" --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=18271155812633344397 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1 MD5: 0A914DEC9E5D43DFA78DBA6638491859)

Rader_OS.exe (PID: 3164 cmdline: "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=13805994154244213803 --mojo-platform-channel-handle=2852 /prefetch:2 MD5: 0A914DEC9E5D43DFA78DBA6638491859)

AcroRd32.exe (PID: 5824 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\Advertising_Campaign_Manager_Role_v2.pdf" MD5: 0F4FB7ADA3C27236864D008A1687AD8D)

RdrCEF.exe (PID: 9288 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16777215 MD5: 35AF5C1FA6FAC9569BB3FF6654A7152E)

RdrCEF.exe (PID: 9456 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.3.20269 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1664,i,11306396049912346103,14596577498500937340,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 35AF5C1FA6FAC9569BB3FF6654A7152E)

crypted.exe (PID: 6580 cmdline: "C:\Users\user\AppData\Local\Temp\crypted.exe" MD5: B48C9F368745E6D89288BD4D40F3AADE)

conhost.exe (PID: 5304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

MSBuild.exe (PID: 7512 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

WerFault.exe (PID: 7428 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 324 MD5: 40A149513D721F096DDF50C04DA2F01F)

elevation_service.exe (PID: 10804 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.63\elevation_service.exe" MD5: F557D8ABB5984175B3409105002C16D9)

cleanup

Sigma Signatures

System Summary

Sigma detected: Potential Data Stealing Via Chromium Headless Debugging

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain --user-data-dir=C:\Users\user\AppData\Local\Local-Data --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain --user-data-dir=C:\Users\user\AppData\Local\Local-Data --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank, CommandLine|base64offset|contains: b{rH+wx, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp

Sigma detected: Browser Execution In Headless Mode

Source: Process started

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain --user-data-dir=C:\Users\user\AppData\Local\Local-Data --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain --user-data-dir=C:\Users\user\AppData\Local\Local-Data --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank, CommandLine|base64offset|contains: b{rH+wx, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T09:43:15.994949+0100	2028371	3	Unknown Traffic	192.168.11.30	49740	23.223.194.206	443	TCP
2024-12-18T09:45:22.527348+0100	2028371	3	Unknown Traffic	192.168.11.30	49831	23.223.194.206	443	TCP

ET MALWARE Generic AsyncRAT Style SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T09:42:43.040267+0100	2035595	1	Domain Observed Used for C2 Detected	139.99.188.124	56001	192.168.11.30	49721	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: YF3YnL4ksc.exe

Avira: detected

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	ReversingLabs: Detection: 73%

Multi AV Scanner detection for submitted file

Source: YF3YnL4ksc.exe	ReversingLabs: Detection: 60%
Source: YF3YnL4ksc.exe	Virustotal: Detection: 57%			Perma Link

Source: YF3YnL4ksc.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\LICENSE.electron.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\LICENSE.electron.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Subresource Filter\Unindexed Rules\9.49.1\LICENSE.txt
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Subresource Filter\Unindexed Rules\9.51.0\LICENSE.txt

Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.11.30:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.11.30:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.11.30:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.11.30:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.11.30:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.223.194.206:443 -> 192.168.11.30:49740 version: TLS 1.2

Source:

Binary string: electron.exe.pdb source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Code function: 0_2_00402654 FindFirstFileA,	0_2_00402654
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Code function: 0_2_004054C6 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_004054C6
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Code function: 0_2_00405E9C FindFirstFileA,FindClose,	0_2_00405E9C
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00672288 FindFirstFileExW,	4_2_00672288
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00672339 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	4_2_00672339

Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\app.asar.unpacked	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\Job Description.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\app-64.7z	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\app.asar.unpacked\node_modules	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 139.99.188.124:56001 -> 192.168.11.30:49721

Source: global traffic

TCP traffic: 192.168.11.30:49721 -> 139.99.188.124:56001

Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View	IP Address: 139.99.188.124 139.99.188.124
Source: Joe Sandbox View	IP Address: 139.99.188.124 139.99.188.124
Source: Joe Sandbox View	IP Address: 172.64.41.3 172.64.41.3

Source: Joe Sandbox View

ASN Name: OVHFR OVHFR

Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49740 -> 23.223.194.206:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.11.30:49831 -> 23.223.194.206:443

Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.73
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.73
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.73
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.204
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.204
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.93.235
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 139.99.188.124
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.223.194.206
Source: unknown	TCP traffic detected without corresponding DNS query: 20.15.113.34
Source: unknown	TCP traffic detected without corresponding DNS query: 20.15.113.34
Source: unknown	TCP traffic detected without corresponding DNS query: 13.68.233.9
Source: unknown	TCP traffic detected without corresponding DNS query: 13.68.233.9
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239381981663_1P3J4RQU2C8DK8IE4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239340418586_15W93I98EWXDJY7GO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239340418585_1K319IV1QEN3HBC0V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239381054889_1NT8OC9G1HUQ0CLRB&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239381981664_1SWAYVEP21DJGDQDY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239381054898_12P3U9MBIMBJZZ38P&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /weathermapdata/1/static/weather/Icons/MSIAWwA=/Alert/Alert_OT_B.svg HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: assets.msn.comConnection: Keep-AliveCookie: _EDGE_V=1; MUID=26949C2B84536EAE0949892685346FA5; _C_ETH=1; _EDGE_S=SID=150A01BAABDC6E53064A14E3AA466F2C
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mail HTTP/1.1Host: mail.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKi1yQEIjbbJAQijtskBCKmdygEI6pHLAQiWocsBCIWgzQEI2/zNAQjlr84BCLm8zgEI377OAQjMv84BGPTJzQEYwa7OARidsc4BGJq8zgE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/?next=https%3A%2F%2Fwww.facebook.com%2F HTTP/1.1Host: www.facebook.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: fr=0sFGvNrnImvjgwTHy..BnYos9..AAA.0.0.BnYos9.AWVaK2N8u6A; ps_l=0; ps_n=0
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKi1yQEIjbbJAQijtskBCKmdygEI6pHLAQiWocsBCIWgzQEI2/zNAQjlr84BCLm8zgEI377OAQjMv84BGPTJzQEYwa7OARidsc4BGJq8zgE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKi1yQEIjbbJAQijtskBCKmdygEI6pHLAQiWocsBCIWgzQEI2/zNAQjlr84BCLm8zgEI377OAQjMv84BGPTJzQEYwa7OARidsc4BGJq8zgE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v5/yh/l/0,cross/F3UfhLFhao5.css HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v5/yv/l/0,cross/9ao2XiCSP4l.css HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/y0/r/w5OYqc0pmp2.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/yI/r/YQKlW6Yx9l4.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/y1/r/4lCu2zih0ca.svg HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4i7M54/yi/l/en_US/3mO0XlClJK2.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/yU/r/O7nelmd9XSI.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://static.xx.fbcdn.net/rsrc.php/v5/yh/l/0,cross/F3UfhLFhao5.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/y3/r/MRNfk0oAWa8.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /security/hsts-pixel.gif HTTP/1.1Host: facebook.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: datr=PotiZ_Y5zKZTtYSUIPnQNfBK; fr=0sFGvNrnImvjgwTHy..BnYos9..AAA.0.0.BnYos-.AWU2s3-jLLE; ps_l=1; ps_n=1; sb=PotiZ4PvEOyyrZBMn_X31T1T
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/yp/r/QKQ461DX9Al.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/yj/r/uxkR2CEYmJq.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://static.xx.fbcdn.net/rsrc.php/v5/yh/l/0,cross/F3UfhLFhao5.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKi1yQEIjbbJAQijtskBCKmdygEI6pHLAQiWocsBCIWgzQEI2/zNAQjlr84BCLm8zgEI377OAQjMv84BGPTJzQEYwa7OARidsc4BGJq8zgE=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/yh/r/hPq02P8uOdr.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/y0/r/DlS8iOPbc-U.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/yo/r/_E9yI6oelY6.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/yS/r/ui2DkP-wt_7.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/yQ/r/WeajZf_EolU.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/yO/r/_tJ17sGyxOX.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4i4wF4/yy/l/en_US/rFKoy_cbCKN.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/yc/r/51COKVv3uqA.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4ihVQ4/y-/l/en_US/xBsb4zeLucM.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v4/yw/r/gIn0tQyHe_i.js HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/yx/r/e9sqr8WnkCf.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/manifest/ HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2FAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: datr=PotiZ_Y5zKZTtYSUIPnQNfBK; fr=0sFGvNrnImvjgwTHy..BnYos9..AAA.0.0.BnYos-.AWU2s3-jLLE; ps_l=1; ps_n=1; sb=PotiZ4PvEOyyrZBMn_X31T1T
Source: global traffic	HTTP traffic detected: GET /mail HTTP/1.1Host: mail.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Microsoft Edge";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: www.cloudflare.comConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Rader_OS/15.1.0 Chrome/76.0.3809.146 Electron/6.1.12 Safari/537.36Sec-Fetch-Mode: corsSec-Fetch-Site: cross-siteAccept-Encoding: gzip, deflate, brAccept-Language: en-US
Source: global traffic	HTTP traffic detected: GET /102.129.152.205/json HTTP/1.1Host: ipinfo.ioConnection: keep-aliveAccept: application/json, text/plain, /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Rader_OS/15.1.0 Chrome/76.0.3809.146 Electron/6.1.12 Safari/537.36Sec-Fetch-Mode: corsSec-Fetch-Site: cross-siteAccept-Encoding: gzip, deflate, brAccept-Language: en-US
Source: global traffic	HTTP traffic detected: GET /weathermapdata/1/static/finance/taskbar/eventbrief.svg HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: assets.msn.comConnection: Keep-AliveCookie: _EDGE_V=1; MUID=26949C2B84536EAE0949892685346FA5; _C_ETH=1; _EDGE_S=SID=150A01BAABDC6E53064A14E3AA466F2C
Source: global traffic	HTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: --optimize-for-size--noharmony-shipping--harmony--harmony-dynamic-import --harmony-import-meta--future--no-future--liftoff --wasm-tier-up--no-liftoff --no-wasm-tier-up--wasm-code-gc--no-wasm-code-gc--experimental-wasm-simd--no-experimental-wasm-simd--harmony-sharedarraybuffer --no-wasm-disable-structured-cloning --experimental-wasm-threads--wasm-disable-structured-cloning--harmony-sharedarraybuffer--no-harmony-sharedarraybuffer--global-gc-scheduling--no-wasm-trap-handler--no-untrusted-code-mitigationsV8.MemoryHeapUsedV8.MemoryHeapCommitted.gmail.docs.plus.inboxcalendar.google.com.calendarwww.youtube.com.youtube.top10sina.com.cnfacebook.combaidu.comqq.comtwitter.comtaobao.comlive.comyahooamazonwikipedia equals www.youtube.com (Youtube)
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: tse1.mm.bing.net
Source: global traffic	DNS traffic detected: DNS query: c.pki.goog
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: mail.google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: static.xx.fbcdn.net
Source: global traffic	DNS traffic detected: DNS query: facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: discord.com

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: global traffic	TCP traffic: 192.168.11.30:59668 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.30:59668 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.30:59668 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.30:59668 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.30:52808 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.30:52808 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.30:52808 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.30:52808 -> 239.255.255.250:1900

Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://EVSecure-crl.geotrust.com/GeoTrustPCA.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://EVSecure-ocsp.geotrust.com0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://aia.startssl.com/certs/ca.crt0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://aia.startssl.com/certs/ca.crt02
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://aia1.wosign.com/ca1-class3-server.cer0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://aia1.wosign.com/ca1g2-server3.cer0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://certs.godaddy.com/repository/1301
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://certs.starfieldtech.com/repository/1402
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html/devtools/page/%s?ws=%s%s%sMalformed
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://clients3.google.com/cert_upload_json
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crbug.com/490015
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crbug.com/619103.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crbug.com/619103.Subsequence
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.certum.pl/ca.crl0h
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.comodoca.com/SecureCertificateServices.crl09
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.comodoca.com/TrustedCertificateServices.crl0:
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0;
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.entrust.net/g2ca.crl0;
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.entrust.net/rootca1.crl0;
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.geotrust.com/GeoTrustPCA-G3.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.geotrust.com/crls/gtglobal.crl04
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.geotrust.com/crls/secureca.crl0F
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.geotrust.com/crls/secureca.crl0N
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.globalsign.com/root.crl0V
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.globalsign.net/root.crl0=
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl0F
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.godaddy.com/gdroot.crl0F
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.rootg2.amazontrust.com/rootg2.crl0
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.starfieldtech.com/sfroot-g2.crl0L
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.starfieldtech.com/sfroot.crl0L
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.startssl.com/sfsca.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.startssl.com/sfsca.crl0f
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.thawte.com/ThawtePCA-G3.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.thawte.com/ThawtePremiumServerCA.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl.ws.symantec.com/universal-root.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crls1.wosign.com/ca1.crl0m
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crls1.wosign.com/ca1.crl0q
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://crt.rootg2.amazontrust.com/rootg2.cer0=
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only#
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://foo.com
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://g.symcb.com/GeoTrustPCA-G3.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://g.symcb.com/crls/gtglobal.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://g.symcb.com/crls/gtglobal.crl0.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://g.symcd.com0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://g.symcd.com0L
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://g1.symcb.com/GeoTrustPCA.crl0)
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://g1.symcb.com/crls/gtglobal.crl0/
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://g2.symcb.com0G
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://g2.symcb.com0L
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://https://.comClipboardHost
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://icl.com/saxon
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://isrg.trustid.ocsp.identrust.com0;
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://jsperf.com/call-apply-segu
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://l.twimg.com/i/hpkp_report
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://marijnhaverbeke.nl/git/acorn
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://narwhaljs.org)
Source: YF3YnL4ksc.exe, YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, YF3YnL4ksc.exe, 00000000.00000000.804754510.0000000000409000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, YF3YnL4ksc.exe, 00000000.00000000.804754510.0000000000409000.00000008.00000001.01000000.00000003.sdmp, Job Description.exe, 00000002.00000000.832022668.000000000040A000.00000008.00000001.01000000.00000005.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://o.ss2.us/0
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.digicert.com0K
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.digicert.com0M
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.entrust.net00
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.entrust.net02
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.geotrust.com0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.geotrust.com0L
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr10
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.godaddy.com/02
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.godaddy.com/05
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.rootg2.amazontrust.com08
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.starfieldtech.com/08
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.starfieldtech.com/0;
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.startssl.com/ca0-
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.startssl.com/ca00
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.startssl.com00
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.thawte.com0;
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp.ws.symantec.com0k
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp1.wosign.com/ca104
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ocsp1.wosign.com/ca108
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://pca-g3-ocsp.geotrust.com0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://report-example.test/test
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://repository.certum.pl/ca.cer09
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://s.ss2.us/r.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://s2.symcb.com0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://s2.symcb.com0k
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://stackoverflow.com/a/22747272/680742
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://stackoverflow.com/a/5501711/3561
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://subca.ocsp-certum.com0.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://subca.ocsp-certum.com01
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://t.symcb.com/ThawtePCA.crl0)
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://t.symcd.com01
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0)
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0/
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://t2.symcb.com0;
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://t2.symcb.com0A
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://tools.ietf.org/html/draft-ietf-avtext-framemarking-07
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://unisolated.invalid
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://wpad/wpad.dat
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://wpad/wpad.dat../../net/proxy_resolution/pac_file_decider.ccDoWaitDoQuickCheck
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://wpad/wpad.datoriginal_urlexpect_spdyusing_quicproto
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.certum.pl/CPS0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.color.org
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.color.orgRegistryNameOutputConditionIdentifiersRGB
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.entrust.net/CPS0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.entrust.net/rpa0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.geotrust.com/resources/cps0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.geotrust.com/resources/cps0)
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.geotrust.com/resources/cps06
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.geotrust.com/resources/cps0;
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.geotrust.com/resources/cps0A
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.google.com/support/talk/bin/request.py
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-extensiontype-values
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01http://www.webrtc.org/exper
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.jclark.com/xt
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.keynectis.com/PC07
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.keynectis.com/PC08
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.startssl.com/intermediate.pdf0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.startssl.com/policy.pdf04
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.startssl.com/policy0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.startssl.com/sfsca.crl0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.startssl.com/sfsca.crt0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.symauth.com/rpa0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.symauth.com/rpa0)
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.symauth.com/rpa00
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_2_ca_II.crl
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-timeurn:3gpp:video-orientationhttp://www.ietf.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-timeurn:ietf:params:rtp-hdrext:ssrc-audio-leve
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/color-space
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/color-spaceurn:ietf:params:rtp-hdrext:sdes:rtp-stream-i
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00http://www.webrtc.org/experi
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-01
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/playout-delay
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-content-type
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-timing
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.wosign.com/policy/0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://x.ss2.us/x.cer0&
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtdddd
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/xsltNewExtDef
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://android.com/pay
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://android.com/payhttps://google.com/payTESTTotal
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=6593
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=8326
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=695438).
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://certs.godaddy.com/repository/0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://certs.starfieldtech.com/repository/0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://clients3.google.com/ct_upload
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://clients3.google.com/ct_uploadhttps://log.getdropbox.com/log/expectcthttps://scotthelme.repor
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#clear
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#table
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crbug.com/401439).
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crbug.com/680046)
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crbug.com/680046)P
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crbug.com/824647
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crbug.com/882238.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crbug.com/979235.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crbug.com/979235.Document
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crbug.com/v8/8520
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://crbug.com/v8/8520optimize_for_sizeEnables
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/extensions/renderer/script_injection.cc?type=cs&sq=package:chro
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://cspreports.srvcs.tumblr.com/hpkp
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://dev.chromium.org/throttling
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.chrome.com/extensions/content_scripts
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.chrome.com/extensions/i18n#method-getMessage
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.chrome.com/extensions/i18n#overview-predefined
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.chrome.com/extensions/match_patterns
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.chrome.com/extensions/runtime#method-connect
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.chrome.com/extensions/runtime#method-getManifest
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.chrome.com/extensions/runtime#method-getURL
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.chrome.com/extensions/runtime#method-sendMessage
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.chrome.com/extensions/tabs#method-executeScript
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.chrome.com/extensions/tabs#method-sendMessage
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developers.chrome.com/origintrials/
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developers.chrome.com/origintrials/Error
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developers.google.com/web/updates/2016/08/removing-document-write
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developers.google.com/web/updates/2016/08/removing-document-writeDocument.write
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://developers.google.com/web/updates/2019/07/web-components-time-to-upgrade
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://electronjs.org/docs/tutorial/security.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://feross.org
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/Microsoft/TypeScript/issues/2521
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/WICG/feature-policy/blob/master/features.md#sensor-features
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/WICG/feature-policy/blob/master/features.md#sensor-featuresP
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/acornjs/acorn.git
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/issues
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/antirez/linenoise
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/beatgammit/base64-js/issues/42
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/master/index.js
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: Rader_OS.exe, 00000013.00000003.1222140201.000001DBBEAF8000.00000004.00000020.00020000.00000000.sdmp, Rader_OS.exe, 00000013.00000003.1223717646.000001DBBEAF9000.00000004.00000020.00020000.00000000.sdmp, Rader_OS.exe, 00000013.00000003.1214009464.000001DBBEAF8000.00000004.00000020.00020000.00000000.sdmp, Rader_OS.exe, 00000013.00000003.1214352503.000001DBBEB02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/electron/electron/pull/17464
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/feross/buffer/issues/154
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/feross/buffer/issues/166
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/feross/buffer/pull/148
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/feross/buffer/pull/97
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/google/caja/blob/master/src/com/google/caja/ses/repairES5.js
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/google/caja/blob/master/src/com/google/caja/ses/startSES.js
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/1707
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/mozilla/sweet.js/wiki/design
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: Rader_OS.exe, 00000013.00000003.1209624317.000001DBBE9E9000.00000004.00000020.00020000.00000000.sdmp, Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/14909
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/21219
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000013.00000003.1209531089.000001DBBE9FC000.00000004.00000020.00020000.00000000.sdmp, Rader_OS.exe, 00000013.00000003.1209732848.000001DBBEA01000.00000004.00000020.00020000.00000000.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/nodejs/node/wiki/Intl
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/substack/node-browserify#multiple-bundles
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/tc39/proposal-frozen-realms/blob/91ac390e3451da92b5c27e354b39e52b7636a437/shim/sr
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://github.com/v8/v8/blob/d6ead37d265d7215cf9c5f768f279e21bd170212/src/js/prologue.js#L152-L156
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/7K7WLu
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/7K7WLu.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/7K7WLuThe
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/LdLk22
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/LdLk22Empty
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/LdLk22Failed
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/Y0ZkNV).
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/rStTGz
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/t5IS6M).
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/xX8pDD
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/xX8pDDplay()
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/ximf56
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/ximf56Allow
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/yabPex
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://goo.gl/yabPexextra_keys_may_be_added_here.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://google.com/pay
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://history.report-uri.com/r/d/ct/reportOnly
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://log.getdropbox.com/hpkp
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://log.getdropbox.com/log/expectct
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://mikewest.github.io/cors-rfc1918/
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://mths.be/punycode
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://no-color.org/
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://nodejs.org/
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://nodejs.org/en/docs/inspector
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://nodejs.org/static/favicon.ico
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://nodejs.org/static/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUrlCompatwebSocket
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://scotthelme.report-uri.com/r/d/ct/reportOnly
Source: YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://tobiassachs.report-uri.com/r/d/ct/reportOnly
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#direct-individualization.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-identifier)
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-permanent-
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://webrtc.org/web-apis/chrome/unified-plan/.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://wicg.github.io/cors-rfc1918/
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.alphassl.com/repository/03
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/4510564810227712.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5082396709879808
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5082396709879808BeforeUnloadNoGestureBlocked
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5088147346030592.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5138066234671104
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5148050062311424
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5148050062311424LitePageServedmailto;
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5527160148197376
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5629582019395584.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5629582019395584.The
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5633521622188032.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.NavigatorVibrate0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5654791610957824
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5669008342777856
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.Blocked
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5687444770914304
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5709390967472128
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5735596811091968
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.CancelDeferredNavigationWillRedirectRequestWil
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5745543795965952
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5745543795965952blinkAddEventListenerAdded
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5749447073988608
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5749447073988608Added
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/6170540112871424
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/6451284559265792
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/6708326821789696
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/features/%s
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/features/4510564810227712
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/features/4775088607985664
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/features/4964279606312960
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5637885046816768.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5654810086866944
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5851021045661696.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5851021045661696.The
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/features/6072546726248448
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/features/6107495151960064
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.chromestatus.com/features/6680566019653632
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.geotrust.com/resources/cps04
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.geotrust.com/resources/cps06
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.geotrust.com/resources/repository0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.globalsign.com/repository/03
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.google.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.google./_/chrome/plus.google.cominbox.google.comdrive.google.comServiceWorker.DiskCache.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.google.com/speech-api/full-duplex/v1
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.google.com/speech-api/full-duplex/v1key=pair=output=pb&/down?speech_recognition_downstre
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocatemacAddresssignalStrengthchannelsignalToNoiseRatio
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/a/google.com/origins.json
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/origins.json
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/origins.jsonhttps://www.gstatic.com/securitykey/a/google.com/ori
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.thawte.com/cps0
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.thawte.com/cps0)
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.thawte.com/cps02
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.thawte.com/cps07
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49685
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49683
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49682
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.11.30:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.11.30:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.11.30:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.11.30:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.11.30:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.223.194.206:443 -> 192.168.11.30:49740 version: TLS 1.2

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe

Code function: 0_2_00404FCB GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00404FCB

Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp

Binary or memory string: GetRawInputData

memstr_d50bc987-7

Spam, unwanted Advertisements and Ransom Demands

Writes a notice file (html or txt) to demand a ransom

Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File dropped: C:\Users\user\AppData\Local\Local-Data\ZxcvbnData\3\english_wikipedia.txt -> decrypticelanderssanamchelanjoviangrudginglypenalisedsubscriptgambrinuspoaceaeinfringementsmaleficentrunciman148thsupersymmetrygranitesliskeardelicitinginvolutionhallstattkitzbuhelshanklysandhillsinefficienciesyishuvpsychotropicnightjarswavellsangamonvaikundarchoshuretrospectivespitestigiganteahashemibosnagakuinsiochanaarrangersbaronetciesnarayanitemeculacrestonkoscierzynaautochthonouswyandotannistonigrejamobilisebuzaudunstermusselburghwenzhoukhattakdetoxificationdecarboxylasemanliuscampbellscoleopteracopyistsympathiserssuisuneminescudefensortransshipmentthurgausomertonfluctuatesambikaweierstrasslukowgiambattistavolcanicsromanticizedinnovatedmatabelelandscotiabankgarwolinpurined'auvergneborderlandmaozhenpricewaterhousecooperstestatorpalliumscout.commv/pinazcacuraciesupjohnsarasvatimonegasqueketrzynmaloryspikeletsbiomechanicshaciendasrappeddwarfedstewsnijinskysubjectionmatsuperceptibleschwarzburgmidsection			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File dropped: C:\Users\user\AppData\Local\Local-Data\ZxcvbnData\3\us_tv_and_film.txt -> decryptiondecoysdecoupagedecompressdecibeldecadencedeafeningdawningdaterdarkeneddappydallyingdagonczechoslovakianscuticlescutenesscupboardsculottescruisincrosshairscronyncriminalisticscreativelycreamingcrappingcrannycowedcontradictingconstipationconfiningconfidencesconceivingconceivablyconcealmentcompulsivelycomplainincomplacentcompelscommuningcommodecommingcommensuratecolumnistscolonoscopycolchicinecoddlingclumpclubbedclowningcliffhangerclangcissychooserschokerchiffonchanneledchaletcellmatescatharticcaseloadcarjackcanvasscanisterscandlestickcandlelitcamrycalzonescalitricaldybylinebutterballbustierburlapbureaucratbuffoonsbuenasbrooklinebronzedbroiledbrodabrissbriochebriarbreathablebraysbrassieresboysenberrybowlineboooobooniesbookletsbookishboogeymanboogeybogasboardinghousebluuchblunderingbluerblowedblotchyblossomedbloodworkbloodiedblitheringblinksblatheringblasphemousblackingbirdsonbingsbfmidbfastb			Jump to dropped file

Writes many files with high entropy

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	File created: C:\Users\user\AppData\Local\Temp\Job Description.exe entropy: 7.99998203168	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\app-64.7z entropy: 7.99999182307	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\component_crx_cache\efniojlnjndmcbiieegkicadnoecjjef_1.22da50bca40ebd9dcf90d85dbf17a7eedfde0229b0a64e30ee55fbd960a3e47d entropy: 7.99673916633	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\component_crx_cache\jflookgnkcckhobaglndicnbbgbonegd_1.2615170554f3293586bc51fabc3cbf3d6058b396f1bb0252eb4bf9c25e6481c0 entropy: 7.99347597483	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\component_crx_cache\ojhpjlocmbogdgmfpkhlaaeamibhnphh_1.545666a4efd056351597bb386aea1368105ededc976ed5650d8682daab9f37ff entropy: 7.99867894993	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\component_crx_cache\obedbbhbpmojnkanicioggnmelmoomoc_1.10e12171bcb40dd4dd07ed0b321f6a878725b6d645f1d5642d49dc8f493dd3bb entropy: 7.99685431272	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\component_crx_cache\neifaoindggfcjicffkgpmnlppeffabd_1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed entropy: 7.99758023731	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\component_crx_cache\mfhmdacoffpmifoibamicehhklffanao_1.07e00e1cfad5b4667227f28cecde9374cf0e2dc5265905e1c3195667b3791225 entropy: 7.99783398358	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\optimization_guide_model_store\15\E6DC4029A1E4B4C1\0D3B132230116222\override_list.pb.gz entropy: 7.99734697974	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Safe Browsing\UrlBilling.store.4_13369745386374614 entropy: 7.99673987555	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Safe Browsing\UrlSoceng.store.4_13369745386041450 entropy: 7.99999058262	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Safe Browsing\UrlMalBin.store.4_13369745386408573 entropy: 7.99985617235	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Safe Browsing\UrlHighConfidenceAllowlist.store.32_13369745386427231 entropy: 7.99942220579	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Safe Browsing\UrlCsdDownloadAllowlist.store.32_13369745386376397 entropy: 7.99513199454	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Safe Browsing\UrlMalware.store.4_13369745386349536 entropy: 7.99920125517	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Safe Browsing\UrlUws.store.4_13369745386359638 entropy: 7.99891413781	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Safe Browsing\UrlSubresourceFilter.store.4_13369745386381846 entropy: 7.99909719722	Jump to dropped file

System Summary

.NET source code contains very large array initializations

Source: 4.2.crypted.exe.4a8fa20.1.raw.unpack, MapBaseAuth.cs

Large array initialization: PatchThread: array initializer size 299104

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process Stats: CPU usage > 6%

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe

Code function: 0_2_0040310D EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,

0_2_0040310D

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Code function: 0_2_00406B01	0_2_00406B01
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Code function: 0_2_0040632A	0_2_0040632A
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Code function: 0_2_004047DC	0_2_004047DC
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F9010	4_2_005F9010
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005DC080	4_2_005DC080
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005CCCD0	4_2_005CCCD0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005FD4B0	4_2_005FD4B0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005C9DB0	4_2_005C9DB0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005C9660	4_2_005C9660
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D1860	4_2_005D1860
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0060C020	4_2_0060C020
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D0810	4_2_005D0810
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E6010	4_2_005E6010
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0061F039	4_2_0061F039
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0065E800	4_2_0065E800
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005DA030	4_2_005DA030
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00653010	4_2_00653010
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005C8821	4_2_005C8821
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0060D0E0	4_2_0060D0E0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005DA8D0	4_2_005DA8D0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F80D0	4_2_005F80D0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006380F0	4_2_006380F0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006320F0	4_2_006320F0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006030C0	4_2_006030C0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D78F0	4_2_005D78F0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005FF8F0	4_2_005FF8F0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006480D0	4_2_006480D0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005FE8E0	4_2_005FE8E0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0067608B	4_2_0067608B
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00630090	4_2_00630090
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EB0A0	4_2_005EB0A0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00635160	4_2_00635160
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EC940	4_2_005EC940
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00611940	4_2_00611940
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00639940	4_2_00639940
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00608150	4_2_00608150
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00604120	4_2_00604120
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EC110	4_2_005EC110
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00607930	4_2_00607930
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005FC100	4_2_005FC100
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0060D9E0	4_2_0060D9E0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0062C1E0	4_2_0062C1E0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E79C0	4_2_005E79C0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006229C0	4_2_006229C0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005C61F0	4_2_005C61F0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005DE9F0	4_2_005DE9F0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F11F0	4_2_005F11F0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0062D1A0	4_2_0062D1A0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0060C980	4_2_0060C980
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E29B0	4_2_005E29B0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EF250	4_2_005EF250
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0060A220	4_2_0060A220
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00604A20	4_2_00604A20
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0060AA20	4_2_0060AA20
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00610A20	4_2_00610A20
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00632A30	4_2_00632A30
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00614200	4_2_00614200
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D3A20	4_2_005D3A20
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EEA20	4_2_005EEA20
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0066BAE9	4_2_0066BAE9
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006052F0	4_2_006052F0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D52C0	4_2_005D52C0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0061BAC0	4_2_0061BAC0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00666AC0	4_2_00666AC0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005ED2E0	4_2_005ED2E0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E4290	4_2_005E4290
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00606290	4_2_00606290
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00612290	4_2_00612290
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0061E360	4_2_0061E360
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0060B370	4_2_0060B370
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E5B40	4_2_005E5B40
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EDB60	4_2_005EDB60
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E8360	4_2_005E8360
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D2B10	4_2_005D2B10
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D1B10	4_2_005D1B10
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005DE300	4_2_005DE300
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006313F0	4_2_006313F0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EDBC3	4_2_005EDBC3
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D2390	4_2_005D2390
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F7B80	4_2_005F7B80
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00602B90	4_2_00602B90
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00654B90	4_2_00654B90
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F6C40	4_2_005F6C40
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00667444	4_2_00667444
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00638C40	4_2_00638C40
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00636C50	4_2_00636C50
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005C2C60	4_2_005C2C60
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00637420	4_2_00637420
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EFC30	4_2_005EFC30
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E1C20	4_2_005E1C20
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E4C20	4_2_005E4C20
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005C6CD0	4_2_005C6CD0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00631CF0	4_2_00631CF0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0060DCC0	4_2_0060DCC0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005DECE0	4_2_005DECE0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006534B0	4_2_006534B0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E6C80	4_2_005E6C80
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00635566	4_2_00635566
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005FF540	4_2_005FF540
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00614540	4_2_00614540
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D5570	4_2_005D5570
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F3570	4_2_005F3570
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00654550	4_2_00654550
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005FFD10	4_2_005FFD10
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005C6500	4_2_005C6500
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005DD530	4_2_005DD530
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00601D10	4_2_00601D10
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0062DDE0	4_2_0062DDE0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E55C0	4_2_005E55C0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006055D2	4_2_006055D2
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F9D90	4_2_005F9D90
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006085B0	4_2_006085B0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00632DB0	4_2_00632DB0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005DFDB0	4_2_005DFDB0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EEDA0	4_2_005EEDA0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D2E50	4_2_005D2E50
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E1650	4_2_005E1650
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F2E50	4_2_005F2E50
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005C2640	4_2_005C2640
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00616640	4_2_00616640
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0062CE50	4_2_0062CE50
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005DFE6B	4_2_005DFE6B
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00636620	4_2_00636620
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00658630	4_2_00658630
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005FB630	4_2_005FB630
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F7630	4_2_005F7630
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D1620	4_2_005D1620
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005DDED0	4_2_005DDED0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E76D0	4_2_005E76D0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EBEC0	4_2_005EBEC0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0063AEC0	4_2_0063AEC0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006056C4	4_2_006056C4
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00606ED1	4_2_00606ED1
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00606EA0	4_2_00606EA0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F4690	4_2_005F4690
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E8E80	4_2_005E8E80
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EA6B0	4_2_005EA6B0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00600E90	4_2_00600E90
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F06A0	4_2_005F06A0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00638F60	4_2_00638F60
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E9750	4_2_005E9750
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D6730	4_2_005D6730
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D7F20	4_2_005D7F20
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005D8FD0	4_2_005D8FD0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E1FD0	4_2_005E1FD0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E47D0	4_2_005E47D0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_006347F0	4_2_006347F0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005ED7E0	4_2_005ED7E0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005F97E0	4_2_005F97E0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005EB790	4_2_005EB790
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005CFF80	4_2_005CFF80
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00604F80	4_2_00604F80
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_005E4FB0	4_2_005E4FB0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00603790	4_2_00603790

Source: C:\Users\user\AppData\Local\Temp\Job Description.exe

Process token adjusted: Security

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\crypted.exe

Code function: String function: 0065D250 appears 54 times

Source: C:\Users\user\AppData\Local\Temp\crypted.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 324

Source: Rader_OS.exe.2.dr	Static PE information: Number of sections : 13 > 10
Source: chrome_screen_ai.dll.24.dr	Static PE information: Number of sections : 14 > 10
Source: Rader_OS.exe0.2.dr	Static PE information: Number of sections : 13 > 10
Source: Google.Widevine.CDM.dll.24.dr	Static PE information: Number of sections : 12 > 10

Source: YF3YnL4ksc.exe, 00000000.00000002.834406166.00000000004F7000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenameAcroRd32.exe< vs YF3YnL4ksc.exe

Source: YF3YnL4ksc.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: crypted.exe.0.dr

Static PE information: Section: .open ZLIB complexity 1.0003231990014265

Source: 4.2.crypted.exe.4a8fa20.1.raw.unpack, MapBaseAuth.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.crypted.exe.4a8fa20.1.raw.unpack, Manager.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.crypted.exe.4a8fa20.1.raw.unpack, Manager.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.rans.spyw.evad.winEXE@95/1656@22/18

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe

Code function: 0_2_0040429B GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_0040429B

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe

Code function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar,

0_2_00402036

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.556

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Mutant created: \Sessions\1\BaseNamedObjects\fe5d05a685
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6580
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:10344:304:WilStaging_02
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\AtomProcessSingletonStartup!
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2116:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6552:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2116:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5304:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:10344:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6552:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5304:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1808:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1808:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:10592:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:10592:120:WilError_03

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe

File created: C:\Users\user\AppData\Local\Temp\nsbA91D.tmp

Jump to behavior

Source: YF3YnL4ksc.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe

File read: C:\Windows\System32\drivers\etc\hosts

Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp

Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';

Source: YF3YnL4ksc.exe	ReversingLabs: Detection: 60%
Source: YF3YnL4ksc.exe	Virustotal: Detection: 57%

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe

File read: C:\Users\user\Desktop\YF3YnL4ksc.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\YF3YnL4ksc.exe "C:\Users\user\Desktop\YF3YnL4ksc.exe"
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process created: C:\Users\user\AppData\Local\Temp\Job Description.exe "C:\Users\user\AppData\Local\Temp\Job Description.exe"
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\Advertising_Campaign_Manager_Role_v2.pdf"
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process created: C:\Users\user\AppData\Local\Temp\crypted.exe "C:\Users\user\AppData\Local\Temp\crypted.exe"
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 324
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.3.20269 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1664,i,11306396049912346103,14596577498500937340,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=14210420194471320556 --mojo-platform-channel-handle=1744 --ignored=" --type=renderer " /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar\preload.js" --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8872924468974316961 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar" --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=18271155812633344397 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=13805994154244213803 --mojo-platform-channel-handle=2852 /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain --user-data-dir=C:\Users\user\AppData\Local\Local-Data --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Local-Data" --no-subproc-heap-profiling --field-trial-handle=1976,i,4805155226236665838,16544324395876925011,262144 --enable-features=NetworkService,NetworkServiceInProcess --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version=20240910-180202.367000 --mojo-platform-channel-handle=2020 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain "--user-data-dir=C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --field-trial-handle=2016,i,13634299322002045715,6805554880547277524,262144 --enable-features=NetworkService,NetworkServiceInProcess,msMetricsLogFastStartup,msSendMetricsLogOnClose --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.63\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.63\elevation_service.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --field-trial-handle=4552,i,13634299322002045715,6805554880547277524,262144 --enable-features=NetworkService,NetworkServiceInProcess,msMetricsLogFastStartup,msSendMetricsLogOnClose --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --onnx-enabled-for-ee --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --field-trial-handle=4572,i,13634299322002045715,6805554880547277524,262144 --enable-features=NetworkService,NetworkServiceInProcess,msMetricsLogFastStartup,msSendMetricsLogOnClose --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version --mojo-platform-channel-handle=4728 /prefetch:8
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process created: C:\Users\user\AppData\Local\Temp\Job Description.exe "C:\Users\user\AppData\Local\Temp\Job Description.exe"	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\Advertising_Campaign_Manager_Role_v2.pdf"	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process created: C:\Users\user\AppData\Local\Temp\crypted.exe "C:\Users\user\AppData\Local\Temp\crypted.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.3.20269 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1664,i,11306396049912346103,14596577498500937340,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=14210420194471320556 --mojo-platform-channel-handle=1744 --ignored=" --type=renderer " /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar\preload.js" --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8872924468974316961 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar" --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=18271155812633344397 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=13805994154244213803 --mojo-platform-channel-handle=2852 /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain --user-data-dir=C:\Users\user\AppData\Local\Local-Data --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain "--user-data-dir=C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Local-Data" --no-subproc-heap-profiling --field-trial-handle=1976,i,4805155226236665838,16544324395876925011,262144 --enable-features=NetworkService,NetworkServiceInProcess --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version=20240910-180202.367000 --mojo-platform-channel-handle=2020 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --field-trial-handle=2016,i,13634299322002045715,6805554880547277524,262144 --enable-features=NetworkService,NetworkServiceInProcess,msMetricsLogFastStartup,msSendMetricsLogOnClose --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --field-trial-handle=4552,i,13634299322002045715,6805554880547277524,262144 --enable-features=NetworkService,NetworkServiceInProcess,msMetricsLogFastStartup,msSendMetricsLogOnClose --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --no-sandbox --ignore-certificate-errors --mute-audio --ignore-certificate-errors --onnx-enabled-for-ee --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --field-trial-handle=4572,i,13634299322002045715,6805554880547277524,262144 --enable-features=NetworkService,NetworkServiceInProcess,msMetricsLogFastStartup,msSendMetricsLogOnClose --disable-features=BlinkGenPropertyTrees,ImprovedCookieControls,LazyFrameLoading,PaintHolding,SameSiteByDefaultCookies,TranslateUI --variations-seed-version --mojo-platform-channel-handle=4728 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Section loaded: edgegdi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: edgegdi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptnet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: webio.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: hid.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: iconcodecservice.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: directmanipulation.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: hid.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: comppkgsup.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mfh264enc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: windows.media.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: hid.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: hid.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: hid.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: d3d12core.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: vulkan-1.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: vulkan-1.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: opengl32.dll
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Section loaded: glu32.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.63\elevation_service.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.63\elevation_service.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.63\elevation_service.exe	Section loaded: edgegdi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.63\elevation_service.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.63\elevation_service.exe	Section loaded: sxs.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.63\elevation_service.exe	Section loaded: dpapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.63\elevation_service.exe	Section loaded: cryptbase.dll

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: YF3YnL4ksc.exe

Static file information: File size 52341320 > 1048576

Source:

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 4.2.crypted.exe.4a8fa20.1.raw.unpack, Manager.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: 4.2.crypted.exe.4a8fa20.1.raw.unpack, AdapterRepositoryComp.cs

.Net Code: PrintThread System.AppDomain.Load(byte[])

Source: crypted.exe.0.dr	Static PE information: section name: .00cfg
Source: crypted.exe.0.dr	Static PE information: section name: .open
Source: libEGL.dll.2.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.2.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.2.dr	Static PE information: section name: .00cfg
Source: libEGL.dll0.2.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll0.2.dr	Static PE information: section name: .00cfg
Source: Rader_OS.exe.2.dr	Static PE information: section name: .00cfg
Source: Rader_OS.exe.2.dr	Static PE information: section name: .retplne
Source: Rader_OS.exe.2.dr	Static PE information: section name: .rodata
Source: Rader_OS.exe.2.dr	Static PE information: section name: CPADinfo
Source: Rader_OS.exe.2.dr	Static PE information: section name: prot
Source: Rader_OS.exe.2.dr	Static PE information: section name: /4
Source: PrintDeps.exe.2.dr	Static PE information: section name: _RDATA
Source: libEGL.dll1.2.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll1.2.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll0.2.dr	Static PE information: section name: .00cfg
Source: libEGL.dll2.2.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll2.2.dr	Static PE information: section name: .00cfg
Source: Rader_OS.exe0.2.dr	Static PE information: section name: .00cfg
Source: Rader_OS.exe0.2.dr	Static PE information: section name: .retplne
Source: Rader_OS.exe0.2.dr	Static PE information: section name: .rodata
Source: Rader_OS.exe0.2.dr	Static PE information: section name: CPADinfo
Source: Rader_OS.exe0.2.dr	Static PE information: section name: prot
Source: Rader_OS.exe0.2.dr	Static PE information: section name: /4
Source: PrintDeps.exe0.2.dr	Static PE information: section name: _RDATA
Source: Google.Widevine.CDM.dll.24.dr	Static PE information: section name: .00cfg
Source: Google.Widevine.CDM.dll.24.dr	Static PE information: section name: .gxfg
Source: Google.Widevine.CDM.dll.24.dr	Static PE information: section name: .retplne
Source: Google.Widevine.CDM.dll.24.dr	Static PE information: section name: .voltbl
Source: Google.Widevine.CDM.dll.24.dr	Static PE information: section name: _RDATA
Source: chrome_screen_ai.dll.24.dr	Static PE information: section name: .gxfg
Source: chrome_screen_ai.dll.24.dr	Static PE information: section name: .retplne
Source: chrome_screen_ai.dll.24.dr	Static PE information: section name: _RDATA
Source: chrome_screen_ai.dll.24.dr	Static PE information: section name: flags_he
Source: chrome_screen_ai.dll.24.dr	Static PE information: section name: google_i
Source: chrome_screen_ai.dll.24.dr	Static PE information: section name: malloc_h
Source: chrome_screen_ai.dll.24.dr	Static PE information: section name: protodes
Source: 91fc1d6d-5c2e-4272-8af4-d8fc0aaa97f3.tmp.node.24.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\AppData\Local\Temp\crypted.exe

Code function: 4_2_0065D410 push ecx; ret

4_2_0065D423

Source: crypted.exe.0.dr

Static PE information: section name: .text entropy: 7.155186985930008

Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Temp\d8c8109b-c95e-40ed-b16d-74151c7eea42.tmp.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\swiftshader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	File created: C:\Users\user\AppData\Local\Temp\crypted.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Temp\91fc1d6d-5c2e-4272-8af4-d8fc0aaa97f3.tmp.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\swiftshader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar.unpacked\node_modules\playwright\bin\PrintDeps.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\app.asar.unpacked\node_modules\playwright\bin\PrintDeps.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\MediaFoundationWidevineCdm\x64\1.0.2738.0\Google.Widevine.CDM.dll	Jump to dropped file
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	File created: C:\Users\user\AppData\Local\Temp\Job Description.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\screen_ai\125.1\chrome_screen_ai.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\Rader_OS.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Temp\91fc1d6d-5c2e-4272-8af4-d8fc0aaa97f3.tmp.node			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Temp\d8c8109b-c95e-40ed-b16d-74151c7eea42.tmp.node			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\LICENSE.electron.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\LICENSE.electron.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Subresource Filter\Unindexed Rules\9.49.1\LICENSE.txt
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File created: C:\Users\user\AppData\Local\Local-Data\Subresource Filter\Unindexed Rules\9.51.0\LICENSE.txt

Hooking and other Techniques for Hiding and Protection

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Source: initial sample

Icon embedded in binary file: icon matches a legit application icon: download (132).png

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 1650000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2FB0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 4FB0000 memory reserve \| memory write watch

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Window / User API: threadDelayed 9950

Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\91fc1d6d-5c2e-4272-8af4-d8fc0aaa97f3.tmp.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\swiftshader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar.unpacked\node_modules\playwright\bin\PrintDeps.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Local-Data\MediaFoundationWidevineCdm\x64\1.0.2738.0\Google.Widevine.CDM.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\app.asar.unpacked\node_modules\playwright\bin\PrintDeps.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Local-Data\screen_ai\125.1\chrome_screen_ai.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\d8c8109b-c95e-40ed-b16d-74151c7eea42.tmp.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\swiftshader\libEGL.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3368	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 9348	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 9768	Thread sleep count: 9950 > 30

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File Volume queried: C:\Users\user\AppData\Roaming\Rader_OS\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File Volume queried: C:\Users\user\AppData\Roaming\Rader_OS\blob_storage\4e4fd476-9649-4543-b362-4295196685dc FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File Volume queried: unknown FullSizeInformation

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Code function: 0_2_00402654 FindFirstFileA,	0_2_00402654
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Code function: 0_2_004054C6 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_004054C6
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Code function: 0_2_00405E9C FindFirstFileA,FindClose,	0_2_00405E9C
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00672288 FindFirstFileExW,	4_2_00672288
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00672339 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	4_2_00672339

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\app.asar.unpacked	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\Job Description.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\app-64.7z	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\app.asar.unpacked\node_modules	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Job Description.exe	File opened: C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources	Jump to behavior

Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: VMware Fusion 4 has corrupt rendering with Win Vista+
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: VMnet
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: VMware, Inc.
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: VMware Inc.
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: Gearway Electronics (Dong Guan) Co., Ltd.VMware Inc.Olimex Ltd.
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: vmnet
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: CONNECTION_UNKNOWNCONNECTION_ETHERNETCONNECTION_WIFICONNECTION_2GCONNECTION_3GCONNECTION_4GCONNECTION_NONECONNECTION_BLUETOOTHCONNECTION_INVALIDTeredo Tunneling Pseudo-Interfacevmnet`\
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: Qemu Audio Device
Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: OnConnectionTypeChangedOnIPAddressChangedWlanQueryInterfaceWlanSetInterfaceVMnet../../net/base/network_interfaces_win.ccGetNetworkListGetAdaptersAddresses failed:
Source: Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: VMware can crash with older drivers and WebGL content

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe

API call chain: ExitProcess graph end node

graph_0-3062

Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe

Process information queried: ProcessInformation

Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\crypted.exe

Code function: 4_2_0065CEF3 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_0065CEF3

Source: C:\Users\user\AppData\Local\Temp\crypted.exe

Code function: 4_2_0068918D mov edi, dword ptr fs:[00000030h]

4_2_0068918D

Source: C:\Users\user\AppData\Local\Temp\crypted.exe

Code function: 4_2_0066E750 GetProcessHeap,

4_2_0066E750

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0065CE70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_0065CE70
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0065CEE7 SetUnhandledExceptionFilter,	4_2_0065CEE7
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_0065CEF3 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_0065CEF3
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: 4_2_00663FEA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00663FEA

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\crypted.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\crypted.exe

Code function: 4_2_0068918D GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

4_2_0068918D

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\crypted.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: unknown protection: readonly

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 45A000
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 45C000
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: C80008

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process created: C:\Users\user\AppData\Local\Temp\Job Description.exe "C:\Users\user\AppData\Local\Temp\Job Description.exe"	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\Advertising_Campaign_Manager_Role_v2.pdf"	Jump to behavior
Source: C:\Users\user\Desktop\YF3YnL4ksc.exe	Process created: C:\Users\user\AppData\Local\Temp\crypted.exe "C:\Users\user\AppData\Local\Temp\crypted.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=14210420194471320556 --mojo-platform-channel-handle=1744 --ignored=" --type=renderer " /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar\preload.js" --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8872924468974316961 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar" --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=18271155812633344397 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=13805994154244213803 --mojo-platform-channel-handle=2852 /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain --user-data-dir=C:\Users\user\AppData\Local\Local-Data --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe /T"
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-background-networking --enable-features=NetworkService,NetworkServiceInProcess --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies,LazyFrameLoading --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --force-color-profile=srgb --metrics-recording-only --no-first-run --enable-automation --password-store=basic --use-mock-keychain "--user-data-dir=C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-pipe --headless --hide-scrollbars --mute-audio --blink-settings=primaryHoverType=2,availableHoverTypes=2,primaryPointerType=4,availablePointerTypes=4 --no-sandbox --disable-background-networking --ignore-certificate-errors --no-sandbox --disable-setuid-sandbox --disable-accelerated-2d-canvas --disable-gpu --disable-popup-blocking --disable-notifications --window-size=1,1 --window-position=-50,-50 --profile-directory=Default about:blank
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe /T

Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\rader_os.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=layoutng,sparerendererforsiteperprocess --gpu-preferences=iaaaaaaaaadgaaagaaaaaaaayaaaaaaacaaaaaaaaaaoaaaabaaaacaaaaaaaaaakaaaaaaaaaawaaaaaaaaadgaaaaaaaaaeaaaaaaaaaaaaaaabqaaabaaaaaaaaaaaaaaaayaaaaqaaaaaaaaaaeaaaafaaaaeaaaaaaaaaabaaaabgaaaa== --service-request-channel-token=14210420194471320556 --mojo-platform-channel-handle=1744 --ignored=" --type=renderer " /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\rader_os.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=layoutng,sparerendererforsiteperprocess --lang=en-us --app-path="c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\resources\app.asar\preload.js" --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8872924468974316961 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\rader_os.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=layoutng,sparerendererforsiteperprocess --lang=en-us --app-path="c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\resources\app.asar" --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=18271155812633344397 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\rader_os.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=layoutng,sparerendererforsiteperprocess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=iaaaaaaaaadgaaagaaaaaaaayaaaaaaacaaaaaaaaaaoaaaabaaaacaaaaaaaaaakaaaaaaaaaawaaaaaaaaadgaaaaaaaaaeaaaaaaaaaaaaaaabqaaabaaaaaaaaaaaaaaaayaaaaqaaaaaaaaaaeaaaafaaaaeaaaaaaaaaabaaaabgaaaa== --service-request-channel-token=13805994154244213803 --mojo-platform-channel-handle=2852 /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\rader_os.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=layoutng,sparerendererforsiteperprocess --gpu-preferences=iaaaaaaaaadgaaagaaaaaaaayaaaaaaacaaaaaaaaaaoaaaabaaaacaaaaaaaaaakaaaaaaaaaawaaaaaaaaadgaaaaaaaaaeaaaaaaaaaaaaaaabqaaabaaaaaaaaaaaaaaaayaaaaqaaaaaaaaaaeaaaafaaaaeaaaaaaaaaabaaaabgaaaa== --service-request-channel-token=14210420194471320556 --mojo-platform-channel-handle=1744 --ignored=" --type=renderer " /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\rader_os.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=layoutng,sparerendererforsiteperprocess --lang=en-us --app-path="c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\resources\app.asar\preload.js" --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8872924468974316961 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\rader_os.exe" --type=renderer --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=layoutng,sparerendererforsiteperprocess --lang=en-us --app-path="c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\resources\app.asar" --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=18271155812633344397 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	Process created: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe "c:\users\user\appdata\local\temp\2ohekpblk7csxcvtvkehzasjhoq\rader_os.exe" --type=gpu-process --field-trial-handle=1320,5113288102185559614,8223414333412356117,131072 --disable-features=layoutng,sparerendererforsiteperprocess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=iaaaaaaaaadgaaagaaaaaaaayaaaaaaacaaaaaaaaaaoaaaabaaaacaaaaaaaaaakaaaaaaaaaawaaaaaaaaadgaaaaaaaaaeaaaaaaaaaaaaaaabqaaabaaaaaaaaaaaaaaaayaaaaqaaaaaaaaaaeaaaafaaaaeaaaaaaaaaabaaaabgaaaa== --service-request-channel-token=13805994154244213803 --mojo-platform-channel-handle=2852 /prefetch:2

Source: Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp

Binary or memory string: ../../electron/atom/browser/ui/views/atom_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd

Source: C:\Users\user\AppData\Local\Temp\crypted.exe

Code function: 4_2_0065D066 cpuid

4_2_0065D066

Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: EnumSystemLocalesW,	4_2_0066E02D
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: EnumSystemLocalesW,	4_2_00671828
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	4_2_006718D0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: GetLocaleInfoW,	4_2_0066DB25
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: EnumSystemLocalesW,	4_2_00671B23
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: GetLocaleInfoW,	4_2_00671B90
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: EnumSystemLocalesW,	4_2_00671C65
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: GetLocaleInfoW,	4_2_00671CB0
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	4_2_00671D57
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	4_2_006715D7
Source: C:\Users\user\AppData\Local\Temp\crypted.exe	Code function: GetLocaleInfoW,	4_2_00671E5D

Source: C:\Users\user\AppData\Local\Temp\crypted.exe

Code function: 4_2_0065DE15 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

4_2_0065DE15

Source: C:\Users\user\Desktop\YF3YnL4ksc.exe

0_2_0040310D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\index
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPS
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DIPS-journal
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_3
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_0
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Conversions-journal
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsSiteData
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOCK
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database-journal
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOCK
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\000003.log
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\26df2f0d-7481-455a-ad55-489185b726d6
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOCK
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Conversions
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOCK
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOCK
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOCK
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_0
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_3
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\CURRENT
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\index
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOCK
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\discounts_db
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCK
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG.old
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOG
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsSiteData-journal
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_0
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOG.old
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_2
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_3
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\index
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK
Source: C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	321 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 Data Encrypted for Impact
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	512 Process Injection	11 Deobfuscate/Decode Files or Information	11 Input Capture	1 Network Service Discovery	Remote Desktop Protocol	1 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	1 System Shutdown/Reboot
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	11 Input Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	22 Software Packing	NTDS	237 System Information Discovery	Distributed Component Object Model	1 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	551 Security Software Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	111 Masquerading	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	351 Virtualization/Sandbox Evasion	DCSync	351 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	512 Process Injection	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 Remote System Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
YF3YnL4ksc.exe	61%	ReversingLabs	Win32.Trojan.LummaStealer
YF3YnL4ksc.exe	57%	Virustotal		Browse
YF3YnL4ksc.exe	100%	Avira	HEUR/AGEN.1338659

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Local-Data\MediaFoundationWidevineCdm\x64\1.0.2738.0\Google.Widevine.CDM.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Local-Data\screen_ai\125.1\chrome_screen_ai.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Local-Data\screen_ai\125.1\gocr\gocr_models\line_recognition_mobile_convnext320\recognizer_convnext320_cl605667156_kore_prior.pb	0%	ReversingLabs
C:\Users\user\AppData\Local\Local-Data\screen_ai\125.1\gocr\gocr_models\line_recognition_mobile_convnext320\recognizer_convnext320_cl606649635_arab_prior.pb	0%	ReversingLabs
C:\Users\user\AppData\Local\Local-Data\screen_ai\125.1\gocr\gocr_models\line_recognition_mobile_convnext320\recognizer_convnext320_cyrl_prior.pb	0%	ReversingLabs
C:\Users\user\AppData\Local\Local-Data\screen_ai\125.1\gocr\gocr_models\line_recognition_mobile_convnext320\recognizer_convnext320_deva_prior.pb	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\Rader_OS.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\d3dcompiler_47.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\ffmpeg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\libEGL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar.unpacked\node_modules\playwright\bin\PrintDeps.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar.unpacked\node_modules\playwright\lib\cli\cli.js	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\resources\elevate.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\swiftshader\libEGL.dll	2%	ReversingLabs
C:\Users\user\AppData\Local\Temp\2oHekPbLk7CsxCvTvkEHZaSjhOq\swiftshader\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\91fc1d6d-5c2e-4272-8af4-d8fc0aaa97f3.tmp.node	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\Job Description.exe	26%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\crypted.exe	74%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\d8c8109b-c95e-40ed-b16d-74151c7eea42.tmp.node	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\Rader_OS.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\d3dcompiler_47.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\ffmpeg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\libEGL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\app.asar.unpacked\node_modules\playwright\bin\PrintDeps.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\app.asar.unpacked\node_modules\playwright\lib\cli\cli.js	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\resources\elevate.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\swiftshader\libEGL.dll	2%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\7z-out\swiftshader\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\StdUtils.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nswB42B.tmp\nsis7z.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape	0%	Avira URL Cloud	safe
https://url.spec.whatwg.org/#concept-url-origin	0%	Avira URL Cloud	safe
https://www.chromestatus.com/features/4510564810227712	0%	Avira URL Cloud	safe
https://www.ecma-international.org/ecma-262/8.0/#prod-Atom	0%	Avira URL Cloud	safe
http://crbug.com/619103.Subsequence	0%	Avira URL Cloud	safe
https://console.spec.whatwg.org/#table	0%	Avira URL Cloud	safe
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new	0%	Avira URL Cloud	safe
https://encoding.spec.whatwg.org/#textencoder	0%	Avira URL Cloud	safe
http://www.color.org	0%	Avira URL Cloud	safe
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion	0%	Avira URL Cloud	safe
https://www.chromestatus.com/features/6072546726248448	0%	Avira URL Cloud	safe
https://www.chromestatus.com/feature/5629582019395584.	0%	Avira URL Cloud	safe
https://url.spec.whatwg.org/#concept-urlencoded-serializer	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object	0%	Avira URL Cloud	safe
http://l.twimg.com/i/hpkp_report	0%	Avira URL Cloud	safe
http://crbug.com/619103.	0%	Avira URL Cloud	safe
http://www.midnight-commander.org/browser/lib/tty/key.c	0%	Avira URL Cloud	safe
https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges	0%	Avira URL Cloud	safe
https://www.chromestatus.com/feature/6170540112871424	0%	Avira URL Cloud	safe
https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits	0%	Avira URL Cloud	safe
https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape	0%	Avira URL Cloud	safe
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter	0%	Avira URL Cloud	safe
http://narwhaljs.org)	0%	Avira URL Cloud	safe
http://nsis.sf.net/NSIS_Error	0%	Avira URL Cloud	safe
http://crbug.com/490015	0%	Avira URL Cloud	safe
https://www.ecma-international.org/ecma-262/#sec-line-terminators	0%	Avira URL Cloud	safe
https://crbug.com/824647	0%	Avira URL Cloud	safe
https://certs.starfieldtech.com/repository/0	0%	Avira URL Cloud	safe
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom	0%	Avira URL Cloud	safe
https://heycam.github.io/webidl/#es-iterable-entries	0%	Avira URL Cloud	safe
https://heycam.github.io/webidl/#es-interfaces	0%	Avira URL Cloud	safe
https://wicg.github.io/cors-rfc1918/	0%	Avira URL Cloud	safe
http://subca.ocsp-certum.com0.	0%	Avira URL Cloud	safe
https://www.chromestatus.com/feature/6708326821789696	0%	Avira URL Cloud	safe
https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque	0%	Avira URL Cloud	safe
https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits	0%	Avira URL Cloud	safe
https://www.chromestatus.com/feature/5742188281462784.CancelDeferredNavigationWillRedirectRequestWil	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-object.prototype.tostring	0%	Avira URL Cloud	safe
https://crbug.com/v8/8520	0%	Avira URL Cloud	safe
https://url.spec.whatwg.org/#urlsearchparams	0%	Avira URL Cloud	safe
http://subca.ocsp-certum.com01	0%	Avira URL Cloud	safe
https://www.chromestatus.com/feature/5749447073988608Added	0%	Avira URL Cloud	safe
https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval	0%	Avira URL Cloud	safe
https://heycam.github.io/webidl/#dfn-class-string	0%	Avira URL Cloud	safe
https://heycam.github.io/webidl/#dfn-iterator-prototype-object	0%	Avira URL Cloud	safe
https://www.chromestatus.com/feature/5745543795965952	0%	Avira URL Cloud	safe
https://xhr.spec.whatwg.org/.	0%	Avira URL Cloud	safe
https://history.report-uri.com/r/d/ct/reportOnly	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-%typedarray%.of	0%	Avira URL Cloud	safe
https://crbug.com/401439).	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
star-mini.c10r.facebook.com	31.13.88.35	true	false	high
chrome.cloudflare-dns.com	172.64.41.3	true	false	high
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
scontent.xx.fbcdn.net	31.13.65.7	true	false	high
www.cloudflare.com	104.16.123.96	true	false	high
discord.com	162.159.136.232	true	false	high
ipinfo.io	34.117.59.81	true	false	high
mail.google.com	142.250.9.17	true	false	high
facebook.com	57.144.132.1	true	false	high
www.google.com	74.125.21.99	true	false	high
ax-0001.ax-msedge.net	150.171.28.10	true	false	high
pki-goog.l.google.com	74.125.21.94	true	false	high
www.facebook.com	unknown	unknown	false	high
tse1.mm.bing.net	unknown	unknown	false	high
c.pki.goog	unknown	unknown	false	high
static.xx.fbcdn.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://ipinfo.io/102.129.152.205/json	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239381981664_1SWAYVEP21DJGDQDY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
https://www.google.com/favicon.ico	false	high
https://static.xx.fbcdn.net/rsrc.php/v4/yQ/r/WeajZf_EolU.js	false	high
https://static.xx.fbcdn.net/rsrc.php/v4/yc/r/51COKVv3uqA.js	false	high
https://static.xx.fbcdn.net/rsrc.php/v4ihVQ4/y-/l/en_US/xBsb4zeLucM.js	false	high
https://static.xx.fbcdn.net/rsrc.php/v4/yp/r/QKQ461DX9Al.js	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://developer.chrome.com/extensions/runtime#method-connect	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://www.chromestatus.com/features/4510564810227712	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/speech-api/full-duplex/v1	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://url.spec.whatwg.org/#concept-url-origin	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://developer.chrome.com/extensions/tabs#method-sendMessage	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://github.com/feross/buffer/pull/97	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://crbug.com/619103.Subsequence	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-Atom	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://console.spec.whatwg.org/#table	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
http://www.color.org	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://goo.gl/7K7WLuThe	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://encoding.spec.whatwg.org/#textencoder	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://goo.gl/7K7WLu	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://www.chromestatus.com/features/6072546726248448	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://goo.gl/t5IS6M).	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://nodejs.org/static/favicon.ico	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://url.spec.whatwg.org/#concept-urlencoded-serializer	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://www.chromestatus.com/feature/5629582019395584.	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://clients3.google.com/ct_upload	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://github.com/tc39/proposal-frozen-realms/blob/91ac390e3451da92b5c27e354b39e52b7636a437/shim/sr	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://nodejs.org/api/fs.html	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://chromium.googlesource.com/chromium/src/	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://github.com/nodejs/node/pull/21313	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://l.twimg.com/i/hpkp_report	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
http://crbug.com/619103.	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
http://www.midnight-commander.org/browser/lib/tty/key.c	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://nodejs.org/	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://tools.ietf.org/html/rfc7540#section-8.1.2.5	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://www.chromestatus.com/feature/6170540112871424	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
http://www.squid-cache.org/Doc/config/half_closed_clients/	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/cps0(	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://narwhaljs.org)	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.godaddy.com/gdroot-g2.crl0F	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://crl.rootg2.amazontrust.com/rootg2.crl0	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://www.symauth.com/rpa0)	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://code.google.com/p/chromium/issues/detail?id=25916	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://nsis.sf.net/NSIS_Error	YF3YnL4ksc.exe, YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, YF3YnL4ksc.exe, 00000000.00000000.804754510.0000000000409000.00000008.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://crbug.com/490015	Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/rpa00	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://aia.startssl.com/certs/ca.crt02	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://github.com/Microsoft/TypeScript/issues/2521	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://nodejs.org/static/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUrlCompatwebSocket	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://www.ecma-international.org/ecma-262/#sec-line-terminators	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://crbug.com/824647	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://goo.gl/LdLk22Failed	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://certs.starfieldtech.com/repository/0	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/v8/v8/blob/d6ead37d265d7215cf9c5f768f279e21bd170212/src/js/prologue.js#L152-L156	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://aia1.wosign.com/ca1-class3-server.cer0	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://developer.chrome.com/extensions/i18n#overview-predefined	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://developers.google.com/web/updates/2016/08/removing-document-writeDocument.write	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://heycam.github.io/webidl/#es-iterable-entries	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://heycam.github.io/webidl/#es-interfaces	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://wicg.github.io/cors-rfc1918/	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://developer.chrome.com/extensions/match_patterns	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://subca.ocsp-certum.com0.	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://www.chromestatus.com/feature/6708326821789696	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/nodejs/node/issues	Rader_OS.exe, 00000013.00000003.1209624317.000001DBBE9E9000.00000004.00000020.00020000.00000000.sdmp, Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/WICG/feature-policy/blob/master/features.md#sensor-featuresP	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://crl.entrust.net/g2ca.crl0;	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://www.chromestatus.com/feature/5742188281462784.CancelDeferredNavigationWillRedirectRequestWil	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-object.prototype.tostring	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://url.spec.whatwg.org/#urlsearchparams	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://crbug.com/v8/8520	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
http://subca.ocsp-certum.com01	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://www.chromestatus.com/feature/5749447073988608Added	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://heycam.github.io/webidl/#dfn-class-string	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://heycam.github.io/webidl/#dfn-iterator-prototype-object	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://www.chromestatus.com/feature/5745543795965952	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://goo.gl/LdLk22Empty	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://android.com/pay	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://github.com/nodejs/node/issues/10673	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=695438).	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://nodejs.org/en/docs/inspectorFor	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://xhr.spec.whatwg.org/.	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	YF3YnL4ksc.exe, 00000000.00000002.834111119.0000000000409000.00000004.00000001.01000000.00000003.sdmp, crypted.exe, 00000004.00000002.873850306.00000000049C2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://developer.chrome.com/extensions/i18n#method-getMessage	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false		high
http://crls1.wosign.com/ca1.crl0m	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C2A2000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://history.report-uri.com/r/d/ct/reportOnly	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-%typedarray%.of	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70C432000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown
https://crbug.com/401439).	Rader_OS.exe, 00000013.00000000.1203332728.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp, Rader_OS.exe, 00000017.00000000.1248238355.00007FF70BA00000.00000002.00000001.01000000.0000000F.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.21.99	www.google.com	United States	15169	GOOGLEUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.9.17	mail.google.com	United States	15169	GOOGLEUS	false
139.99.188.124	unknown	Canada	16276	OVHFR	true
31.13.88.35	star-mini.c10r.facebook.com	Ireland	32934	FACEBOOKUS	false
31.13.88.13	unknown	Ireland	32934	FACEBOOKUS	false
64.233.185.138	unknown	United States	15169	GOOGLEUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
64.233.177.94	unknown	United States	15169	GOOGLEUS	false
108.177.122.17	unknown	United States	15169	GOOGLEUS	false
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
31.13.65.7	scontent.xx.fbcdn.net	Ireland	32934	FACEBOOKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
57.144.132.1	facebook.com	Belgium	2686	ATGS-MMD-ASUS	false
23.218.93.195	unknown	United States	20940	AKAMAI-ASN1EU	false
104.16.123.96	www.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
64.233.185.147	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.11.30

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1577203
Start date and time:	2024-12-18 09:39:40 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 16m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected VM Detection
Number of analysed new started processes analysed:	58
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	YF3YnL4ksc.exe
Detection:	MAL
Classification:	mal100.rans.spyw.evad.winEXE@95/1656@22/18
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 92% Number of executed functions: 28 Number of non-executed functions: 67
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, sppsvc.exe, WerFault.exe, CompPkgSrv.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 40.126.7.35, 40.126.28.20, 40.126.28.11, 20.190.135.5, 40.126.7.32, 20.190.135.18, 40.126.28.23, 20.190.135.19, 20.189.173.21, 23.216.72.131, 3.219.243.226, 3.233.129.217, 52.6.155.20, 52.22.41.97, 199.232.210.172, 20.75.60.91, 23.45.49.146, 23.45.49.159, 23.45.49.160, 23.45.49.136, 23.45.49.143, 23.45.49.165, 23.34.82.6, 23.34.82.7, 23.219.155.165, 23.219.155.148, 23.218.93.178, 23.218.93.186, 23.218.93.177, 23.50.112.15, 23.50.112.32, 23.50.112.29, 23.50.112.28, 23.50.112.5, 23.50.112.62, 23.50.112.60, 23.216.73.151, 108.177.122.84, 64.233.176.95, 74.125.138.95, 142.250.9.95, 64.233.177.95, 142.250.105.95, 172.217.215.95, 173.194.219.95, 108.177.122.95, 74.125.21.95, 74.125.136.95, 172.253.124.95, 64.233.185.95, 74.125.134.94, 74.125.26.94, 13.107.21.239, 204.79.197.239, 23.218.93.153, 172.253.124.94, 108.177.11.94, 23.54.200.159, 150.171.28.10, 142.250.105.84, 13.107.246.40, 172.217.215.94
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl.gstatic.com, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, acroipm2.adobe.com, iris-de-prod-azsc-v2-eus2-b.eastus2.cloudapp.azure.com, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, e16604.g.akamaiedge.net, onedsblobprdwus16.westus.cloudapp.azure.com, arc.trafficmanager.net, www.gstatic.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, p13n.adobe.io, www-www.bing.com.trafficmanager.net, login.msa.msidentity.com, edge.microsoft.com, armmf.adobe.com, mm-mm.bing.net.t
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:42:36	API Interceptor	1x Sleep call for process: WerFault.exe modified
03:42:42	API Interceptor	14535641x Sleep call for process: MSBuild.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.159.61.3	https://garfieldthecat.tech/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse
	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse
	122046760.bat	Get hash	malicious	RHADAMANTHYS	Browse
	pkqLAMAv96.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	IIC0XbKFjS.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	873406390.bat	Get hash	malicious	RHADAMANTHYS	Browse
	0J3fAc6cHO.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	KjECqzXLWp.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	cey4VIyGKh.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	dZKPE9gotO.exe	Get hash	malicious	Vidar	Browse
139.99.188.124	EO3RT0fEfb.exe	Get hash	malicious	Unknown	Browse	139.99.188.124/ucZfzm.txt
	RMBOriPHVJ.exe	Get hash	malicious	Unknown	Browse	139.99.188.124/mzmLv.txt
	S6x3K8vzCA.exe	Get hash	malicious	Unknown	Browse	139.99.188.124/wPBPjuY.txt
	PPbimZI4LV.exe	Get hash	malicious	Unknown	Browse	139.99.188.124/BlQMSgJx.txt
	l5VhEpwzJy.exe	Get hash	malicious	Unknown	Browse	139.99.188.124/jiJNz.txt
	duyba.lnk.download.lnk	Get hash	malicious	Unknown	Browse	139.99.188.124/QWCheljD.txt
	pt8GJiNZDT.exe	Get hash	malicious	Unknown	Browse	139.99.188.124/QWCheljD.txt
	FwR7as4xUq.exe	Get hash	malicious	Unknown	Browse	139.99.188.124/EPDjSfs.txt
172.64.41.3	SmartEasyPDF.msi	Get hash	malicious	Unknown	Browse
	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse
	pkqLAMAv96.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	IIC0XbKFjS.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	873406390.bat	Get hash	malicious	RHADAMANTHYS	Browse
	Setup.exe (1).zip	Get hash	malicious	Unknown	Browse
	KjECqzXLWp.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	cey4VIyGKh.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	dZKPE9gotO.exe	Get hash	malicious	Vidar	Browse
	nB52P46OJD.exe	Get hash	malicious	Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
discord.com	arm.elf	Get hash	malicious	Unknown	Browse	162.159.137.232
	webhook.exe	Get hash	malicious	Unknown	Browse	162.159.138.232
	zapret.exe	Get hash	malicious	Unknown	Browse	162.159.136.232
	Bloxflip Predictor.exe	Get hash	malicious	Njrat	Browse	162.159.137.232
	chos.exe	Get hash	malicious	Unknown	Browse	162.159.138.232
	phost.exe	Get hash	malicious	Blank Grabber	Browse	162.159.137.232
	ihost.exe	Get hash	malicious	Python Stealer, Muck Stealer	Browse	162.159.136.232
	shost.exe	Get hash	malicious	Python Stealer, Muck Stealer	Browse	162.159.136.232
	sppawx.exe	Get hash	malicious	Blank Grabber	Browse	162.159.135.232
chrome.cloudflare-dns.com	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse	172.64.41.3
	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse	162.159.61.3
	122046760.bat	Get hash	malicious	RHADAMANTHYS	Browse	162.159.61.3
	pkqLAMAv96.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.159.61.3
	IIC0XbKFjS.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.159.61.3
	873406390.bat	Get hash	malicious	RHADAMANTHYS	Browse	172.64.41.3
	0J3fAc6cHO.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.159.61.3
	#U041e#U043f#U043b#U0430#U0442#U0430.xls	Get hash	malicious	Unknown	Browse	172.64.41.3
	wayneenterprisesbatcave-6.0.1901-windows-installer.msi	Get hash	malicious	ScreenConnect Tool	Browse	172.64.41.3
	Setup.exe (1).zip	Get hash	malicious	Unknown	Browse	172.64.41.3
bg.microsoft.map.fastly.net	x0EMKX5G1g.exe	Get hash	malicious	PureCrypter, PureLog Stealer	Browse	199.232.214.172
	LA0gY3d103.exe	Get hash	malicious	PureCrypter, PureLog Stealer	Browse	199.232.214.172
	JnEZtj3vtN.exe	Get hash	malicious	PureCrypter	Browse	199.232.210.172
	uzI7DAON53.exe	Get hash	malicious	PureCrypter	Browse	199.232.214.172
	#U041f#U043b#U0430#U0442i#U0436#U043d#U0430 i#U043d#U0441#U0442#U0440#U0443#U043a#U0446i#U044f.js	Get hash	malicious	SmokeLoader	Browse	199.232.210.172
	#U0421#U043a#U0430#U043d-#U043a#U043e#U043fi#U044f #U041f#U0430#U0441#U043f#U043e#U0440#U0442.vbs	Get hash	malicious	SmokeLoader	Browse	199.232.210.172
	#U0421#U043a#U0430#U043d-#U043a#U043e#U043fi#U044f #U0414#U043e#U0433#U043e#U0432i#U0440.js	Get hash	malicious	SmokeLoader	Browse	199.232.210.172
	ToYwLfhi9B.exe	Get hash	malicious	PureCrypter, PureLog Stealer	Browse	199.232.210.172
	17345062850621022e2a034193497843f70f72ad0e2a6d5b0e23bb6cd0de4c41fac1759029833.dat-decoded.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	199.232.214.172
www.cloudflare.com	http://inspirafinancial.com	Get hash	malicious	Unknown	Browse	104.16.123.96
	https://tekascend.com/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	104.16.123.96
	https://protect.checkpoint.com/v2/r01/___https://link.edgepilot.com/xdg~fiaa57dVgx2DluRTp19jF8WMmYfWl?z=myyux:ddjrfnq.ynintwjuqD.htrdhdjOBhER6ylHFZFTGu9JoBlVNMIw79G-bMOgKn5Sf55EkuFm_s/LOKQ2pPEoswuEsuU2A7WKVctU0F0LxRir4fJPhZrPOzTgvHZltxJFSX/jFwCJW7F4BtO0gjUt6gM8NiU9g~uEaD_oE2wiDMlq2GDu8zhwYySQbzr0kVZGcn8s4Dk7cEDvSl6XRkaXaP7a5RqmSqgUx7-yk6g8/s-FxFFU__PNlcuV___.YzJ1OndhaXRha2VyZXByaW1hcnk6YzpvOmRkMGI4MjA2MTNmMjg1YzMyNTM2YjE2YzI0MjAzMGU1Ojc6MzQ1NjphZDU1ODAwMDRlN2FjYWY0Nzk3ODJmN2U3MjI1MmNkMTUyZWIyNWZlZjgyYTY4N2M3ZWVjN2E0NjVmZjU3M2E4Omg6VDpU	Get hash	malicious	Unknown	Browse	104.16.123.96
	https://bgf43.bookrecce.com/vfd23ced/#sean@virtualintelligencebriefing.com	Get hash	malicious	Unknown	Browse	104.16.123.96
	Codale Electric Supply Health Insurance Benefits Open Enrollment Plan.html.shtml	Get hash	malicious	Unknown	Browse	104.16.123.96
	https://www.google.com.hk/url?q=KWUZMS42J831JSWOSF4KEIP36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fasubiad.online/grieksm/366a15ae094dd43620eb959537cb323e8fcdb76b/bWZpbm5lZ2FuQHVzY2hhbWJlci5jb20=	Get hash	malicious	Unknown	Browse	104.16.123.96
	http://xn--gmq700hb9ir4byxw.shop/bnBkL2ViZml0c2JwY0F7Zm1mdy9idWp0cHMkbHYvcGQvem1xanVtYnNmZC9xbmJ3MDA7dHF1dWk	Get hash	malicious	ReCaptcha Phish	Browse	104.16.123.96
	https://share.hsforms.com/1btg1UbajRd2Ui8qqobJYrAssgaj	Get hash	malicious	HTMLPhisher	Browse	104.16.123.96
	https://login.officeteam.didgim.com/factpath/resources/patch/047620476204762098/?tpj=PlKRhyZP6wwT3cO_YX5-vBD5GuXYTvvU?SehS24G3uU3qw64njI8IZH7gQJoi5rbp7C2uDZbPGel89LOXSbLkxzcBkcMiAnricyOgDlVZzgK16brTMbOGyuYoLIN4U0HH714J	Get hash	malicious	ReCaptcha Phish	Browse	104.16.124.96

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	sldkjgsdGarDe3.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	jhsdfggga13.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	Garsdgwqa13de.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	http://efaktura.dhlecommerce.pl	Get hash	malicious	Unknown	Browse	104.18.86.42
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	104.21.23.76
	https://t.ly/2PGC5	Get hash	malicious	Unknown	Browse	104.20.7.133
	x86_32.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	104.29.213.135
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	104.21.2.110
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	104.21.23.76
CLOUDFLARENETUS	sldkjgsdGarDe3.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	jhsdfggga13.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	Garsdgwqa13de.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	http://efaktura.dhlecommerce.pl	Get hash	malicious	Unknown	Browse	104.18.86.42
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	104.21.23.76
	https://t.ly/2PGC5	Get hash	malicious	Unknown	Browse	104.20.7.133
	x86_32.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	104.29.213.135
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	104.21.2.110
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	104.21.23.76
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	arm5.nn-20241218-0633.elf	Get hash	malicious	Mirai, Okiru	Browse	34.65.20.112
	https://walli.shanga.co/image/view/?id=1375	Get hash	malicious	Unknown	Browse	34.117.188.166
	http://inspirafinancial.com	Get hash	malicious	Unknown	Browse	34.117.77.79
	tightvnc-2.8.59-gpl-setup-64bit.msi	Get hash	malicious	Unknown	Browse	34.117.188.166
	https://bu.marcel-andree.de/	Get hash	malicious	Unknown	Browse	34.117.59.81
	174 Power Global_Enrollment_.docx.doc	Get hash	malicious	Unknown	Browse	34.117.42.160
	174 Power Global_Enrollment_.docx.doc	Get hash	malicious	Unknown	Browse	34.117.42.160
	https://alluc.co/watch-movies/passengers.html	Get hash	malicious	Unknown	Browse	34.117.77.79
	kjDPynh9vQ.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
OVHFR	x0EMKX5G1g.exe	Get hash	malicious	PureCrypter, PureLog Stealer	Browse	139.99.188.124
	YcxjdYUKIb.exe	Get hash	malicious	PureCrypter, PureLog Stealer	Browse	139.99.188.124
	LA0gY3d103.exe	Get hash	malicious	PureCrypter, PureLog Stealer	Browse	139.99.188.124
	EO3RT0fEfb.exe	Get hash	malicious	Unknown	Browse	139.99.188.124
	RMBOriPHVJ.exe	Get hash	malicious	Unknown	Browse	139.99.188.124
	ToYwLfhi9B.exe	Get hash	malicious	PureCrypter, PureLog Stealer	Browse	139.99.188.124
	KE2yNJdV55.exe	Get hash	malicious	PureCrypter	Browse	139.99.188.124
	JnEZtj3vtN.exe	Get hash	malicious	PureCrypter	Browse	139.99.188.124
	uzI7DAON53.exe	Get hash	malicious	PureCrypter	Browse	139.99.188.124
	JXEsthReim.exe	Get hash	malicious	PureCrypter, PureLog Stealer	Browse	139.99.188.124

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
6271f898ce5be7dd52b0fc260d0662b3	https://ce4.ajax.a8b.co/get?redir=1&id=d4vCW7zizPl1mo0GYx0ELgo+CCIybH9/c4qC7CeWEuI=&uri=//the-western-fire-chiefs-association.jimdosite.com	Get hash	malicious	Unknown	Browse	150.171.27.10
	IIC0XbKFjS.lnk	Get hash	malicious	RHADAMANTHYS	Browse	150.171.27.10
	Document.xla	Get hash	malicious	Unknown	Browse	150.171.27.10
	V65xPrgEHH.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	150.171.27.10
	#U041e#U043f#U043b#U0430#U0442#U0430.xls	Get hash	malicious	Unknown	Browse	150.171.27.10
	#U041e#U043f#U043b#U0430#U0442#U0430.xls	Get hash	malicious	Unknown	Browse	150.171.27.10
	Smple_Order-048576744759475945.xls	Get hash	malicious	Unknown	Browse	150.171.27.10
	Document.xla.xlsx	Get hash	malicious	Unknown	Browse	150.171.27.10
	Sample_Order_000000991.xls	Get hash	malicious	Unknown	Browse	150.171.27.10
	BG75-10-01_CurrencyTransfer__530_24_00002559_Processed.xls	Get hash	malicious	Unknown	Browse	150.171.27.10
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	23.223.194.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	23.223.194.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	23.223.194.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	23.223.194.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RHADAMANTHYS	Browse	23.223.194.206
	loader.exe	Get hash	malicious	LummaC	Browse	23.223.194.206
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Poverty Stealer, RHADAMANTHYS, Xmrig	Browse	23.223.194.206
	MeP66xi1AM.exe	Get hash	malicious	Remcos, DBatLoader	Browse	23.223.194.206
	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse	23.223.194.206
	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse	23.223.194.206

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Local-Data\MediaFoundationWidevineCdm\x64\1.0.2738.0\Google.Widevine.CDM.dll	aspweb88.exe	Get hash	malicious	Unknown	Browse
	https://trimmer.to:443/GWHMY	Get hash	malicious	HTMLPhisher	Browse
	217469812STM.pdf	Get hash	malicious	ScreenConnect Tool, Phisher	Browse
	NW_EmployerNewsletter_11142024_pdf.html	Get hash	malicious	Unknown	Browse
	Benefits_Update_2024.pdf	Get hash	malicious	Unknown	Browse
	11sds_Invoice_9334749.html	Get hash	malicious	WinSearchAbuse	Browse
	Request_for_Title_Commitment.html	Get hash	malicious	Unknown	Browse
	Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe	Get hash	malicious	Unknown	Browse
	E7X-XIZ5.eml	Get hash	malicious	Unknown	Browse
	Eversheds-sutherland-INV39212-3_230470352.doc	Get hash	malicious	Unknown	Browse

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7138484106572508
Encrypted:	false
SSDEEP:	96:4oFWNxZsAhWoI7RG6tvXIxcQvc6QcEscw3/+HbHg/8BRTf3Oy1FhZAXQ65FMTPSZ:9sNxZCmBUWoju1Du76ofAIO82
MD5:	4EDD1B51EEC0EF2213B0737A73FF19CA
SHA1:	73E7B14BC4DCB3D48002FFC7F4F0BE3F7E10F135
SHA-256:	82639D09F89B5025F6C94B00BA780266CD1316FBC2B35603E07B5F7742962071
SHA-512:	A8A740E405766B61D5574B0803584DEA4737152FE93F3BC4C677AB950CFDC17032281CB0360BC4070A1CD5E6BA5903650CCA73DC4F19DA933D8D04C450ACE71D
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.9.8.4.9.5.3.9.3.5.8.8.4.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.9.8.4.9.5.4.9.0.4.4.1.5.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.7.3.0.2.d.a.6.-.c.4.4.b.-.4.d.f.d.-.9.5.5.9.-.b.6.7.5.8.f.1.6.6.f.d.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.1.9.c.b.7.8.c.-.1.8.5.d.-.4.9.c.b.-.9.0.a.4.-.0.7.d.d.5.5.0.c.3.d.d.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.c.r.y.p.t.e.d...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.b.4.-.0.0.0.1.-.0.0.4.1.-.b.6.9.8.-.d.8.c.7.2.8.5.1.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.7.b.9.0.9.0.a.e.a.b.c.0.5.f.3.8.f.2.3.3.9.8.c.e.7.d.9.a.2.d.5.0.0.0.0.f.f.f.f.!.0.0.0.0.1.0.5.8.4.f.6.8.f.3.f.4.a.c.a.0.e.3.a.1.a.4.2.6.4.9.5.f.2.9.b.8.8.2.3.a.2.c.1.f.!.c.r.y.p.t.e.d...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.

Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.253565803447035
Encrypted:	false
SSDEEP:	3:m+lvns8RzYOCGLvHkWBGKuKjXKLNjKLuVGH5kt1llhdlHiTFJrqzOJkvP5meArl:men9YOFLvEWdM9QNH6tHHi7Z+P4e
MD5:	456478B51CEDAF540A7A06F75C9D924C
SHA1:	B70028396E04131670D2596C2BEBE00C05BEFD0D
SHA-256:	FB82D430245B1E9CCCF6F70C0BCAFAD6F3C4AC29526834164820035FA8493582
SHA-512:	8565CC76BA2EE8861FE54CFBFA0ACC48B3119ADD19521BBC739E52C853D66505D4C09D36C6A796261C3D8E963BAE7359E384EB44EA467AB27D95A109317B1497
Malicious:	false
Preview:	0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ..A..Eo...................................*"J.W..........d.{v.^.G...d.W.:...P..k%..A..Eo.........%........

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.5384381781291694
Encrypted:	false
SSDEEP:	6:kKyoJElC8om3sTwD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:alCMImsLNkPlE99SNxAhUe/3
MD5:	0A7482CA06CC24CB6B49DA0C74429329
SHA1:	672407B4C5B2B982F2FF8F0F642D8469DF8461D0
SHA-256:	85C5BE9B50F7D00163B142FC0BE4C3E4A0FFA3FB8E6CFF393630C6C284A74748
SHA-512:	AAEC39B41F9D75DB9DE89C907EECAC8BD37F412C4070B451BA6C34E01ACF1FE526832BA01BE33A295E1C6E806CA4BEF35CFB4A43639B57949517E440781A95B8
Malicious:	false
Preview:	p...... .........s.(Q..(...............................................).m..... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	119241
Entropy (8bit):	6.098461339403573
Encrypted:	false
SSDEEP:	3072:223GVHqNGnV/WyzuGiy+G6nbKzJtmXIqVr+IsSq:L8qNsV3yGv56nb0tmDVbq
MD5:	2E01D91F64193BD56FD5D4DB34608AA2
SHA1:	5E81BBFE7996FB63EF93FC506C1F45176CC27074
SHA-256:	2BB9222822706336507DDC2C62F7111DB516346163768C19BA07709BA7A37D86
SHA-512:	7AF7A5C4195B3A19E3B7B2D15CB39D475CC8D8D2C4A6FAD02AF6FE82166C589640EC57E0E96AB2BA7CE99093155A1E60AC10CAA92999EAA5CF48BF59BE29CEC2
Malicious:	false
Preview:	{"accessibility":{"screen_ai":{"last_used_time":"13369745297249960"}},"autofill":{"ablation_seed":"KGnqFBTzt5U=","states_data_dir":"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\AutofillStates\\2024.7.12.235938"},"background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"breadcrumbs":{"enabled":false,"enabled_time":"13368724027528178"},"browser":{"default_browser_prompt_refresh_study_group":"enabled-v2-arm-3","first_run_finished":true,"last_whats_new_version":128,"shortcut_migration_version":"116.0.5845.97","whats_new_hats_activation_threshold":94},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"local":{"password_hash_data_list":[]},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.726037050357588e+12,"network":1.726037051e+12,"ticks":257182580.0,"uncertainty":1805515.0}},"optimization_guide":{"model_cache_ke

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11154
Entropy (8bit):	5.707886483942131
Encrypted:	false
SSDEEP:	192:zo8NBSAozdYXhuDctCcUxT0qfVrixp9bBrkn5MVSya4VkHMJ:zo8NBSZzdYXonT0cra9bB4n5MV3WsJ
MD5:	981CF2889C45D42686344988143C3289
SHA1:	A8E519A5434F5DEFC27DBA1F66091A67CE4CA42B
SHA-256:	47BB75037E54257191098A7B72D363E355A3D4A60583CE0004B19D27FD20BE81
SHA-512:	9BD015E74205A5D89600189050CC15949D5056ED5A0D1F364844CC5EED99E21194021A37CD081E2870EE377174722EC40062C6AE4882D078050688DD0E079FF7
Malicious:	false
Preview:	{"accessibility":{"captions":{"common_models_path":"","soda_binary_path":""}},"apps_count_check_time":"13375959609644227","background_tracing":{"session_state":{"privacy_filter":true,"state":0}},"breadcrumbs":{"enabled":false,"enabled_time":"13375959609050489"},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"host_package_checked_on_browser_version":"128.0.6613.120","legacy":{"profile":{"name":{"migrated":true}}},"migration":{"Default":{"migration_attempt":0,"migration_version":4}},"optimization_guide":{"model_store_metadata":{}},"os_crypt":{"app_bound_encrypted_key":"QVBQQgEAAADQj

Process:	C:\Users\user\Desktop\YF3YnL4ksc.exe
File Type:	PDF document, version 1.3, 3 pages
Category:	dropped
Size (bytes):	3986
Entropy (8bit):	7.456004459274474
Encrypted:	false
SSDEEP:	96:6RHrsQ6Fc+YDxP8gpOwEBdOujxeB7knVQzWKB5Y+74C0sLJRSo:6trcPYDigiBdfetAMxm8BPRSo
MD5:	F1D1BF7BA473B16F95B0BAFE0E09A402
SHA1:	33CBC0601595EC233C96D8181D12CEAE9CEECE7A
SHA-256:	CFBACCD2CC5E9FCE35F05E87D7F5D8DF85CA47ECF0E8FDC44CFB701A70EB0DFE
SHA-512:	559918229442151AF1C1C48D55052BC94BB28E664CE5190B40BF0CE10A3381F1D9773F3FC4E1848CB7A5E34DE4279533E64F667F58F473DB61C824E861CF6F90
Malicious:	false
Preview:	%PDF-1.3.3 0 obj.<</Type /Page./Parent 1 0 R./Resources 2 0 R./Contents 4 0 R>>.endobj.4 0 obj.<</Filter /FlateDecode /Length 879>>.stream.x.}TM..:...+..U...?...P..+.(H...bO....$%..{f.8N..'.F...3....e..W..x.1...I...\|X.4iD.B.".a.../f@0+....{.^9...(.Tk....k..4Hx4.U........3H..#.U.."..H...V$.k....HO ]... .....X.J<.......{...^&V.5\|..:....z:....j2.7. .n.....=QA......ai..<H....\|...#?.]............H...W%Y..{.k....CY)Xg>$....v.b.+c.o....),.6.E........>..>.Rk..~..n.I...].k........V...G.d...B..v.Ri......Or.....E)sylC.....${.v.\ ..*.\...#..a&pP~.Q.G92..WJ#t.Pf.....,.]..n..)../.a0...<.$...a..\|&...O.Y-....N.=..R..3M.&D..a...j....>!..ZJ..G.c...yc..x.....7w......d.E.....j....\|.E&.X.Q.,J>..)......7.%Z...9u....K7...\u.#FA..l.......C.@...N..^.e]dM).8}...\|.cV...3....>..V....ufq....r..w-....,HU]..e.h.. .4.....8j....c.....?..L.t.c.f..i..$.{..I".vRc..[..\.............v..]..^.<MKQL..+......4...v...I\..6 ..H.........t...............^n.!O.\..>.o./.QW'....~.

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.999869312438023
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	YF3YnL4ksc.exe
File size:	52'341'320 bytes
MD5:	5fb35c53e68fc1fa0d555db9fcda099f
SHA1:	828bd14a630b4ff78d5159876ab004c8fd3e63cc
SHA256:	032fbff0c808c0de5d363a06a2dad711486cc4d05642858190cc3f8b0b56ba2e
SHA512:	aebbca214bdfc3a660cb15af4ecbe80da99f190f76fa0284ee675bc049558fa7f7f1ded8570052e6ac9295d93a31f7df478f89a522d5811c9738b1594bed91e6
SSDEEP:	1572864:O6rf/h0zh5n2Ewnscb80hZn4CTxGbeWgD41H:Oy/h0zLvwx8eOE0bx/1H
TLSH:	CCB733685126CB62D20AC73277B26FB2FED0EC1C2158BB5A0F4F3A937BF65515450E88
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3(..RF..RF..RF.]...RF..RG.pRF.]...RF..qv..RF..T@..RF.Rich.RF.........................PE..L...oy.V.................`.........

Entrypoint:	0x40310d
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x567F796F [Sun Dec 27 05:38:55 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	29b61e5a552b3a9bc00953de1c93be41

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x74d8	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x37000	0x10f28	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x280	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5e3c	0x6000	1a13b408c917b27c9106545148d3b8d3	False	0.6686197916666666	data	6.432295288512854	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x126a	0x1400	921acf8cb0aea87c0603fa899765fcc2	False	0.43359375	data	5.00588726544978	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x25d38	0x600	797517c6ef57aa95d53df2cf07568953	False	0.474609375	data	4.291756049727371	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x2f000	0x8000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x37000	0x10f28	0x11000	78df4e4ccbedc0b5764e19793c07ca9f	False	0.15441176470588236	data	3.881803120886858	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x37190	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 60472 x 60472 px/m	English	United States	0.14468236129184905
RT_DIALOG	0x479b8	0x100	data	English	United States	0.5234375
RT_DIALOG	0x47ab8	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x47bd8	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x47c38	0x14	data	English	United States	1.15
RT_MANIFEST	0x47c50	0x2d7	XML 1.0 document, ASCII text, with very long lines (727), with no line terminators	English	United States	0.562585969738652

DLL	Import
KERNEL32.dll	SetFileAttributesA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CompareFileTime, SearchPathA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, CreateDirectoryA, lstrcmpiA, GetCommandLineA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, LoadLibraryA, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, WaitForSingleObject, GetWindowsDirectoryA, GetTempPathA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, LoadLibraryExA, GetModuleHandleA, MultiByteToWideChar, FreeLibrary
USER32.dll	GetWindowRect, EnableMenuItem, GetSystemMenu, ScreenToClient, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, PostQuitMessage, RegisterClassA, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, OpenClipboard, TrackPopupMenu, SendMessageTimeoutA, GetDC, LoadImageA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, SetWindowLongA, EmptyClipboard, SetTimer, CreateDialogParamA, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll	RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll	ImageList_Create, ImageList_Destroy, ImageList_AddMasked
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 18, 2024 09:43:44.247728109 CET	192.168.11.30	1.1.1.1	cb48	(Port unreachable)	Destination Unreachable
Dec 18, 2024 09:44:10.905154943 CET	192.168.11.30	64.233.185.138	c36d	(Port unreachable)	Destination Unreachable
Dec 18, 2024 09:44:10.911160946 CET	192.168.11.30	31.13.88.35	403d	(Port unreachable)	Destination Unreachable
Dec 18, 2024 09:44:10.946494102 CET	192.168.11.30	31.13.88.13	4018	(Port unreachable)	Destination Unreachable

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 18, 2024 09:42:41.244846106 CET	192.168.11.30	1.1.1.1	0x4e63	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:42:47.739965916 CET	192.168.11.30	1.1.1.1	0x4bf1	Standard query (0)	tse1.mm.bing.net	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:37.043416023 CET	192.168.11.30	1.1.1.1	0x4f0b	Standard query (0)	c.pki.goog	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:41.131395102 CET	192.168.11.30	1.1.1.1	0xb139	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:41.131654024 CET	192.168.11.30	1.1.1.1	0x5afe	Standard query (0)	www.facebook.com	65	IN (0x0001)	false
Dec 18, 2024 09:43:41.147170067 CET	192.168.11.30	1.1.1.1	0x46d2	Standard query (0)	mail.google.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:41.147377014 CET	192.168.11.30	1.1.1.1	0x6938	Standard query (0)	mail.google.com	65	IN (0x0001)	false
Dec 18, 2024 09:43:41.878266096 CET	192.168.11.30	1.1.1.1	0xb740	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:41.878391981 CET	192.168.11.30	1.1.1.1	0x3704	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 18, 2024 09:43:42.342046976 CET	192.168.11.30	1.1.1.1	0xe373	Standard query (0)	static.xx.fbcdn.net	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:42.342186928 CET	192.168.11.30	1.1.1.1	0x46d6	Standard query (0)	static.xx.fbcdn.net	65	IN (0x0001)	false
Dec 18, 2024 09:43:43.972716093 CET	192.168.11.30	1.1.1.1	0x6b8e	Standard query (0)	facebook.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:43.972915888 CET	192.168.11.30	1.1.1.1	0xd7e1	Standard query (0)	facebook.com	65	IN (0x0001)	false
Dec 18, 2024 09:44:01.553106070 CET	192.168.11.30	1.1.1.1	0x429e	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:01.553251982 CET	192.168.11.30	1.1.1.1	0x78a6	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 18, 2024 09:44:01.553839922 CET	192.168.11.30	1.1.1.1	0x82cb	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:01.554058075 CET	192.168.11.30	1.1.1.1	0xc1fd	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 18, 2024 09:44:01.554523945 CET	192.168.11.30	1.1.1.1	0xf793	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:01.554886103 CET	192.168.11.30	1.1.1.1	0x8e82	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 18, 2024 09:44:11.477489948 CET	192.168.11.30	1.1.1.1	0xe46d	Standard query (0)	www.cloudflare.com	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:12.242650986 CET	192.168.11.30	1.1.1.1	0x9171	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:13.048440933 CET	192.168.11.30	1.1.1.1	0xe67e	Standard query (0)	discord.com	A (IP address)	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 18, 2024 09:42:41.386230946 CET	1.1.1.1	192.168.11.30	0x4e63	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:42:41.386230946 CET	1.1.1.1	192.168.11.30	0x4e63	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:42:43.270601988 CET	1.1.1.1	192.168.11.30	0x9bca	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:42:43.270601988 CET	1.1.1.1	192.168.11.30	0x9bca	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:42:47.743721962 CET	1.1.1.1	192.168.11.30	0xe3b	No error (0)	g-bing-com.ax-0001.ax-msedge.net	ax-0001.ax-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 09:42:47.743721962 CET	1.1.1.1	192.168.11.30	0xe3b	No error (0)	ax-0001.ax-msedge.net		150.171.28.10	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:42:47.743721962 CET	1.1.1.1	192.168.11.30	0xe3b	No error (0)	ax-0001.ax-msedge.net		150.171.27.10	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:42:47.881616116 CET	1.1.1.1	192.168.11.30	0x4bf1	No error (0)	tse1.mm.bing.net	mm-mm.bing.net.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 09:42:47.881616116 CET	1.1.1.1	192.168.11.30	0x4bf1	No error (0)	ax-0001.ax-msedge.net		150.171.27.10	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:42:47.881616116 CET	1.1.1.1	192.168.11.30	0x4bf1	No error (0)	ax-0001.ax-msedge.net		150.171.28.10	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:37.184293985 CET	1.1.1.1	192.168.11.30	0x4f0b	No error (0)	c.pki.goog	pki-goog.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 09:43:37.184293985 CET	1.1.1.1	192.168.11.30	0x4f0b	No error (0)	pki-goog.l.google.com		74.125.21.94	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:37.621592999 CET	1.1.1.1	192.168.11.30	0xa5ae	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:37.621592999 CET	1.1.1.1	192.168.11.30	0xa5ae	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:41.273169994 CET	1.1.1.1	192.168.11.30	0xb139	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 09:43:41.273169994 CET	1.1.1.1	192.168.11.30	0xb139	No error (0)	star-mini.c10r.facebook.com		31.13.88.35	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:41.273459911 CET	1.1.1.1	192.168.11.30	0x5afe	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 09:43:41.273459911 CET	1.1.1.1	192.168.11.30	0x5afe	No error (0)	star-mini.c10r.facebook.com			65	IN (0x0001)	false
Dec 18, 2024 09:43:41.273459911 CET	1.1.1.1	192.168.11.30	0x5afe	No error (0)	star-mini.c10r.facebook.com			65	IN (0x0001)	false
Dec 18, 2024 09:43:41.288139105 CET	1.1.1.1	192.168.11.30	0x46d2	No error (0)	mail.google.com		142.250.9.17	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:41.288139105 CET	1.1.1.1	192.168.11.30	0x46d2	No error (0)	mail.google.com		142.250.9.83	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:41.288139105 CET	1.1.1.1	192.168.11.30	0x46d2	No error (0)	mail.google.com		142.250.9.18	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:41.288139105 CET	1.1.1.1	192.168.11.30	0x46d2	No error (0)	mail.google.com		142.250.9.19	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:42.019190073 CET	1.1.1.1	192.168.11.30	0xb740	No error (0)	www.google.com		74.125.21.99	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:42.019190073 CET	1.1.1.1	192.168.11.30	0xb740	No error (0)	www.google.com		74.125.21.103	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:42.019190073 CET	1.1.1.1	192.168.11.30	0xb740	No error (0)	www.google.com		74.125.21.106	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:42.019190073 CET	1.1.1.1	192.168.11.30	0xb740	No error (0)	www.google.com		74.125.21.104	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:42.019190073 CET	1.1.1.1	192.168.11.30	0xb740	No error (0)	www.google.com		74.125.21.147	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:42.019190073 CET	1.1.1.1	192.168.11.30	0xb740	No error (0)	www.google.com		74.125.21.105	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:42.019417048 CET	1.1.1.1	192.168.11.30	0x3704	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 18, 2024 09:43:42.483464956 CET	1.1.1.1	192.168.11.30	0xe373	No error (0)	static.xx.fbcdn.net	scontent.xx.fbcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 09:43:42.483464956 CET	1.1.1.1	192.168.11.30	0xe373	No error (0)	scontent.xx.fbcdn.net		31.13.65.7	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:42.485408068 CET	1.1.1.1	192.168.11.30	0x46d6	No error (0)	static.xx.fbcdn.net	scontent.xx.fbcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 09:43:42.485408068 CET	1.1.1.1	192.168.11.30	0x46d6	No error (0)	scontent.xx.fbcdn.net			65	IN (0x0001)	false
Dec 18, 2024 09:43:42.485408068 CET	1.1.1.1	192.168.11.30	0x46d6	No error (0)	scontent.xx.fbcdn.net			65	IN (0x0001)	false
Dec 18, 2024 09:43:44.114084959 CET	1.1.1.1	192.168.11.30	0x6b8e	No error (0)	facebook.com		57.144.132.1	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:43:44.116944075 CET	1.1.1.1	192.168.11.30	0xd7e1	No error (0)	facebook.com			65	IN (0x0001)	false
Dec 18, 2024 09:43:44.116944075 CET	1.1.1.1	192.168.11.30	0xd7e1	No error (0)	facebook.com			65	IN (0x0001)	false
Dec 18, 2024 09:44:01.688607931 CET	1.1.1.1	192.168.11.30	0x82cb	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:01.688607931 CET	1.1.1.1	192.168.11.30	0x82cb	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:01.689496994 CET	1.1.1.1	192.168.11.30	0x429e	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:01.689496994 CET	1.1.1.1	192.168.11.30	0x429e	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:01.695363998 CET	1.1.1.1	192.168.11.30	0x78a6	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 18, 2024 09:44:01.695374012 CET	1.1.1.1	192.168.11.30	0xc1fd	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 18, 2024 09:44:01.695859909 CET	1.1.1.1	192.168.11.30	0xf793	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:01.695859909 CET	1.1.1.1	192.168.11.30	0xf793	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:01.696616888 CET	1.1.1.1	192.168.11.30	0x8e82	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 18, 2024 09:44:11.618971109 CET	1.1.1.1	192.168.11.30	0xe46d	No error (0)	www.cloudflare.com		104.16.123.96	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:11.618971109 CET	1.1.1.1	192.168.11.30	0xe46d	No error (0)	www.cloudflare.com		104.16.124.96	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:12.377563000 CET	1.1.1.1	192.168.11.30	0x9171	No error (0)	ipinfo.io		34.117.59.81	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:13.192394018 CET	1.1.1.1	192.168.11.30	0xe67e	No error (0)	discord.com		162.159.136.232	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:13.192394018 CET	1.1.1.1	192.168.11.30	0xe67e	No error (0)	discord.com		162.159.135.232	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:13.192394018 CET	1.1.1.1	192.168.11.30	0xe67e	No error (0)	discord.com		162.159.138.232	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:13.192394018 CET	1.1.1.1	192.168.11.30	0xe67e	No error (0)	discord.com		162.159.137.232	A (IP address)	IN (0x0001)	false
Dec 18, 2024 09:44:13.192394018 CET	1.1.1.1	192.168.11.30	0xe67e	No error (0)	discord.com		162.159.128.233	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Dec 18, 2024 09:43:37.327222109 CET	200	OUT	GET /r/r1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Dec 18, 2024 09:43:37.469779015 CET	223	IN	HTTP/1.1 304 Not Modified Date: Wed, 18 Dec 2024 08:07:39 GMT Expires: Wed, 18 Dec 2024 08:57:39 GMT Age: 2158 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:42:41 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-12-18 08:42:41 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-12-18 08:42:41 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 18 Dec 2024 08:42:41 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8f3ddc6be81832e0-JAX alt-svc: h3=":443"; ma=86400
2024-12-18 08:42:41 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 26 00 04 6c b1 0b 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom&l^)

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:42:48 UTC	375	OUT	GET /th?id=OADD2.10239381981663_1P3J4RQU2C8DK8IE4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-18 08:42:48 UTC	852	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 369719 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 3DADB5A7052244B4ADD970F8F1256F8F Ref B: MIAEDGE2906 Ref C: 2024-12-18T08:42:48Z Date: Wed, 18 Dec 2024 08:42:48 GMT Connection: close
2024-12-18 08:42:48 UTC	15532	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 33 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 34 3a 30 31 3a 30 32 20 30 38 3a 30 39 3a 35 38 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 07 80 00 00 a0 03 00 03 00 00 00 01 04 38 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 25.3 (Windows)2024:01:02 08:09:588C
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: ad cc dd 0a e1 86 ac d2 b1 e1 9b 22 be 83 f8 09 ac 29 bf 8d 49 c7 4c 9e 7b 1e 6b e7 2d 35 18 48 0e 48 23 f0 af 58 f8 33 76 f0 6a b0 f3 91 b8 63 f1 e2 b9 33 5a 3e db 0b 38 f9 11 56 3e ed cf ac e3 39 50 7f 9d 4f 13 10 de dc d6 7e 8f 30 9b 4d 82 50 72 19 47 e3 c5 5d 87 f9 57 c4 e0 61 ee 23 c8 ab a3 2e 46 7b 55 98 4e 30 6a a4 5c d5 98 8e 7a f4 f6 af a4 c3 c3 63 99 96 a3 38 c0 a9 e3 27 6e 0f 7a af 19 a9 e3 3d ff 00 95 7a f4 a3 b1 99 62 3f e7 53 27 dd 02 a1 88 fa d4 91 9f 97 da bb e9 c4 09 d7 ef 53 d4 f6 f4 a8 55 81 6e 9d 2a 44 ae 85 10 25 53 8e 7f 3a 7d 44 a7 3d 69 fb ab a2 11 02 65 6e 29 77 66 a2 39 a7 67 15 bc 50 0e 2d db 3c 54 64 e1 bd a8 2d 51 39 3b bd aa d2 26 e3 e4 61 51 e7 34 64 f4 34 d6 6e fe b5 69 12 3a 95 4e 2a 20 df 35 39 4e 7e 95 a2 40 4c a7 d6 9c Data Ascii: ")IL{k-5HH#X3vjc3Z>8V>9PO~0MPrG]Wa#.F{UN0j\zc8'nz=zb?S'SUnD%S:}D=ien)wf9gP-<Td-Q9;&aQ4d4ni:N 59N~@L
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 4e cd d8 5b 6e 71 7f f0 8c 7d 9d 81 92 3f 94 7b 73 5a ba 35 9c 30 b0 06 21 c0 00 13 8c d7 6f 77 65 6e c9 ca 83 d3 27 d2 b2 26 b2 8a 36 c8 3f 28 1c 0f f3 fa 56 a8 ce 72 b2 20 be 22 3b 56 51 8c 9c 7b 0e 6b cd fc 61 7d 34 77 01 37 0d a0 e7 83 8a ef 35 79 82 6e 44 cf 5c 7b 60 57 98 78 fe e1 52 e3 27 80 08 24 9e f4 d6 ac ce 2d 9d 06 8f 71 31 d3 49 cb 10 45 72 ba d0 9c df 17 61 95 52 71 f8 1a dd f0 8e a0 8f 62 91 f0 5b a7 b6 3f 0f 4a 7f 89 ec 41 b6 69 11 30 08 ce 47 6a 56 36 39 fb 7b 90 30 79 e0 8a b8 2e cc 91 94 53 93 8f c2 b0 a1 dd b9 93 91 86 20 13 53 47 78 96 8b f3 f5 e0 b6 68 14 95 d1 72 de 19 9f 50 43 d3 9e 3d 2b de be 0b 5d 6d 41 13 1c 82 08 04 7e 7f a5 78 86 87 3a 5c 2a ca 07 53 d7 d7 3c d7 a7 fc 28 d4 bc 9d 4a 28 c6 36 e4 60 67 af 6f eb 5e 56 77 07 3c Data Ascii: N[nq}?{sZ50!owen'&6?(Vr ";VQ{ka}4w75ynD\{`WxR'$-q1IEraRqb[?JAi0GjV69{0y.S SGxhrPC=+]mA~x:\*S<(J(6`go^Vw<
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 4c 9c 4d 28 9c 1f ad 4c 8e 78 1f ce b3 e3 7f 9b 03 fc 2a 75 73 ed 8a ea 8d 63 29 40 be b2 67 bf 4a 9a 39 08 6c 1c 67 dc d6 7a 3e 1b ad 49 1c 87 81 ff 00 d7 ae 88 56 33 70 34 56 4f 97 1d 4f a7 7a 91 65 f9 4e 71 81 d2 b3 91 c8 e4 36 48 a9 96 4c 63 3d 79 ae 8f 6c 47 2b 34 04 df 8e 6a 48 e6 23 91 c7 bd 66 ac a4 75 6f 4f ce 9c b2 9d c4 93 d7 d6 9f b6 27 94 d2 13 77 f5 fe 54 82 6c 2f b5 50 f3 c8 5e 7f 4e b4 d3 33 1e 3a 63 f3 a4 eb b1 72 b3 ea 06 18 a8 df 1b 8d 4c 7e f1 35 1c 83 e6 cd 71 e2 36 3d 1e a5 79 06 2a bc c7 ad 5a 98 67 f5 aa b3 00 3a d7 c8 66 92 b4 59 d1 49 6a 53 ba 3f 2e 07 bd 65 cc 72 e4 8a d0 bd 70 14 8e 3b f7 ac b7 35 f8 ef 10 d4 4e aa 8f 53 d6 a1 a2 10 13 4f 5f 7a 88 1f 9a 9e a7 0b d2 be 6d 9d 28 90 22 9a 70 45 1c e2 9a 84 fd 2a 41 d2 a6 ec 63 d4 Data Ascii: LM(Lxusc)@gJ9lgz>IV3p4VOOzeNq6HLc=ylG+4jH#fuoO'wTl/P^N3:crL~5q6=yZg:fYIjS?.erp;5NSO_zm("pE*Ac
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: b8 a1 4f 61 d3 b5 7e 72 b6 3d 02 74 23 f1 a7 a1 a8 54 91 d6 9f bb 3c 54 38 81 32 9e e7 ad 3d 5b 1d 6a 25 22 9d bb 3c 0a c9 a0 24 67 cf 4e 94 d5 39 eb 4d 04 50 4d 2b 00 fc 93 cd 31 cf a5 0c de 94 c2 73 91 54 02 53 4d 3b 3d c5 35 81 ed 54 b7 02 36 18 e7 ad 35 b8 61 8a 91 bd ea 39 3d ab 54 4b 44 4e 6a 26 fb d5 2b f0 de f5 13 63 8c d6 91 33 23 73 96 3f 4a 8d 8e 3f fa f4 e6 3d 71 ef 50 b7 5a da 28 86 07 8c 83 d2 98 c7 1c d0 c7 3f 4a 8a 46 21 bb 74 ad 12 25 83 b6 7a 54 6d 91 c8 f5 a0 9e 3d 8d 31 ce 3a 56 a9 58 42 93 f3 73 4d 2d 9e 7b 70 29 b9 3c 0e 99 e4 50 58 fe 9d ea c0 7e ec f5 34 e0 d8 a8 81 ef 4b 9f c7 14 58 a2 51 f7 7d e9 56 98 0f 73 4e 07 f2 a9 60 49 1b 62 a6 8e 42 3a d5 75 3f 37 3d 6a 40 7f c2 b3 90 16 92 76 5e 8d cf 5a 98 5e 49 fc 2d fa d5 15 27 f2 a9 Data Ascii: Oa~r=t#T<T82=[j%"<$gN9MPM+1sTSM;=5T65a9=TKDNj&+c3#s?J?=qPZ(?JF!t%zTm=1:VXBsM-{p)<PX~4KXQ}VsN`IbB:u?7=j@v^Z^I-'
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 48 e2 dd 71 d3 bd 23 36 17 d7 14 c6 6f 9a 9a c7 3c fc dc d2 b1 0c 1d 86 de 3f 4a 82 42 4a 9c d4 87 3d fb d3 02 33 37 02 b6 a7 16 dd 92 d4 44 2c 09 60 05 4d 14 1f 2e 7a d4 f1 41 ec 41 ab 31 44 76 f0 2b ea 72 ac a6 52 6a 53 5a 98 54 a8 57 8a 23 ff 00 d7 ab 50 41 d0 77 a9 e1 83 38 e2 ad db 41 db 0d d2 bf 44 cb f2 de 54 b4 39 25 26 47 6b 6f fe cd 6a 59 c3 b5 47 14 96 b0 11 d5 6a ec 49 8e 71 5f 69 83 c2 f2 25 a1 8b 63 a0 5e c6 af 5b ae 71 eb 50 c3 1f cc 0e 2a e4 29 d2 bd ea 70 b2 24 92 15 f9 b0 6a dd ba 74 c5 47 6f 1e 3a f3 57 6d d3 1c 1a e8 48 d2 28 9a dd 3e 51 57 ad d7 2a 05 43 6f 1e 7a 77 ab d0 26 d5 06 93 66 89 12 c2 9d ea cc 43 e5 e6 a3 40 38 a9 90 74 15 9b 34 25 4c 0a 77 5a 6a 8e c6 96 a0 07 01 8a 55 e3 9a 6a d2 af 5a 90 24 a7 01 f2 f1 4d c5 48 a3 b0 a9 Data Ascii: Hq#6o<?JBJ=37D,`M.zAA1Dv+rRjSZTW#PAw8ADT9%&GkojYGjIq_i%c^[qP)p$jtGo:WmH(>QWCozw&fC@8t4%LwZjUjZ$MH
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 1e 55 3d 81 3f 31 f4 05 7d 2b 1e 44 06 9d a5 dc 0f 3c 90 c4 54 c8 84 b3 94 04 46 07 42 77 1e 5b 1d 32 7a 9e 95 6d 6e 30 e6 33 26 dd 8b 80 17 a9 27 a8 04 74 cf b7 27 db ad 61 69 2d 07 da 0d c3 b8 2d 12 17 ca ae 43 72 17 72 83 ea 49 c0 ee 48 ab 6c be 7b 9c 38 8c ab 01 f2 f2 03 1c 8c e7 f8 8f ca 40 f6 4f 7a e7 92 71 7a 16 8d b5 76 65 1b 51 43 2f 08 a0 fc ab 8f e2 38 ed ee 38 5e d9 63 9a 34 fb 93 b5 9d 06 ed 87 00 92 3f 7c c5 bb 76 03 3c 67 eb e9 93 93 05 cb 3b 24 60 10 aa 07 99 f3 11 f7 7f 87 3e 80 06 1c 7f 8d 3a de 67 72 59 f0 8b 16 d6 23 3b 15 57 60 c1 3e 84 81 c7 f7 54 13 dc 51 2b d8 7d 4d 2b cb a6 89 77 21 d8 d2 e4 87 23 94 51 c6 55 7a e5 89 27 d7 18 e9 c5 45 a6 33 c2 f1 c8 91 b1 6f 2c a0 46 39 23 73 64 9c f7 76 e3 27 fd d1 eb 55 83 b4 f1 f9 84 fc cd 8e Data Ascii: U=?1}+D<TFBw[2zmn03&'t'ai--CrrIHl{8@OzqzveQC/88^c4?\|v<g;$`>:grY#;W`>TQ+}M+w!#QUz'E3o,F9#sdv'U
2024-12-18 08:42:48 UTC	16065	IN	Data Raw: 83 2d f4 e9 4e de 42 81 d0 ff 00 88 eb 50 ee 53 cf 51 d0 0e e6 95 58 6d 2c 7d 32 3f cf a5 03 b8 93 b8 d8 08 1c 03 f9 d4 6b 96 5d d8 f9 40 c6 7b 0a 59 46 e6 18 ed d8 8f e7 4f b7 4e 9c 67 d7 3d 28 12 dc 40 08 e5 80 c1 03 19 ea 69 5f 23 9c 63 fc 4d 4f b5 42 e0 f3 c6 7a f3 f9 76 a8 9a 4c a8 03 19 f5 eb 48 bb 10 bb 36 d0 3a ff 00 5a ae dc 21 38 e9 de ac 4a 70 c4 75 a8 1c 64 92 7a 53 13 3b bf 82 97 e0 79 b6 ac 46 0f ad 7a ef 87 0d bc 96 62 34 20 3c 6c 49 f5 c1 f7 af 0f f8 40 e1 3c 54 91 10 0a c9 f2 8f a9 af 43 d5 f5 09 74 3f 10 6c 43 84 94 71 5c b5 a3 76 c1 3b 34 74 5e 26 ba 88 c9 80 72 14 8d be e3 19 eb eb 55 63 d4 51 6d 94 21 da d8 c6 3d 45 67 4b 71 e6 c8 a5 fe e9 20 9e 6a c4 56 62 6b 85 0a 76 8e b8 e7 07 8a e6 6b 43 6e 63 54 5a f9 b0 a4 ac 01 dd f3 0a d1 b8 Data Ascii: -NBPSQXm,}2?k]@{YFONg=(@i_#cMOBzvLH6:Z!8JpudzS;yFzb4 <lI@<TCt?lCq\v;4t^&rUcQm!=EgKq jVbkvkCncTZ
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: c7 26 cd ef 26 c5 ee a8 dc 0f 62 7f 0a 8a 5d 89 6f bd 0a 22 9c e7 19 19 fd 32 69 39 37 d4 63 da 58 e5 91 43 44 5d 97 b1 c6 d1 f5 1d aa 2b 93 24 89 fb c9 3a 70 23 8c 73 f8 0f ea 69 22 1f c2 91 b8 1d d8 8c 72 7d 07 f5 35 1d cd cc b6 8a 5d a4 10 46 c7 69 c7 32 31 3f af e0 2a 75 63 b9 0a 5b c8 18 ef c4 2a 71 94 07 2e 7f de 6e df 41 49 24 96 a8 ca eb b4 b7 45 62 09 07 e9 52 99 11 e3 c6 cf 2a 30 33 87 e5 db dc 8e c3 eb 54 e7 81 ee 24 f3 e1 fd dc 60 1f de bf 53 fe ee 7a 0f e7 4a 3e 60 25 fd f2 c7 8c 83 24 ad c0 77 e7 9f f6 57 a6 7f 0a 65 be 9d 24 e4 4b 7c 0c 8d 9d c2 2d d8 e3 d5 8f 61 ed 51 e9 db d6 e5 a6 81 f1 1e 4a 9b 83 19 76 3e a1 47 4f c6 af 48 42 c6 02 c6 c0 39 ca c5 9c b3 b1 ea cc 46 78 f6 ad 76 d8 44 8e 62 75 50 b2 60 37 01 97 8e 07 f0 a0 ec 3d ea bc a6 Data Ascii: &&b]o"2i97cXCD]+$:p#si"r}5]Fi21?uc[q.nAI$EbR*03T$`SzJ>`%$wWe$K\|-aQJv>GOHB9FxvDbuP`7=
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 68 ed 4c 95 23 d3 2c 12 dd 5c af cb 96 39 c7 35 8f ac 5c 2c 87 7c 64 95 23 6f 03 8c d5 5c c2 50 bc ae 43 ae fc 4b d7 74 c8 57 4e b1 82 28 88 5c 89 58 6e 3c fa 0e 95 c2 ea 7a 8e ab ab dc 35 ce a5 79 2d c3 b6 7f d6 31 23 e8 07 41 5d 07 8e 21 46 8e d5 a3 03 70 07 79 fe b5 9f a7 d9 e5 7c c7 23 39 f4 c8 fc 28 8f b3 a7 ef 28 ab 9c d5 13 72 b3 65 7d 36 df 72 e0 01 f2 f7 f7 fa d6 c6 9b 63 9e 5c 72 3d 47 5f ad 58 b3 b6 5d 9d 0e e0 78 5e e7 fa 0a d0 86 3c a2 e4 e1 87 5e 4e 3e 83 d6 b8 ab 56 7a d8 23 1b 0d b5 b4 43 c1 23 dc 2f bd 6a 59 5b c2 3e 50 f8 63 fc 27 fc 6a 0b 48 37 38 00 6d ed 90 39 e7 d3 35 b1 6d 6f 11 c2 24 4c cd ea d8 fd 39 c5 70 d4 a9 a1 69 5c 65 b5 bd ba 31 28 9e a1 87 43 fc ea f4 69 94 0a 8b 9c 81 81 b4 0f c2 9d 14 4a 15 98 70 cb c1 fa 55 bb 54 d9 20 Data Ascii: hL#,\95\,\|d#o\PCKtWN(\Xn<z5y-1#A]!Fpy\|#9((re}6rc\r=G_X]x^<^N>Vz#C#/jY[>Pc'jH78m95mo$L9pi\e1(CiJpUT

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:42:48 UTC	375	OUT	GET /th?id=OADD2.10239340418586_15W93I98EWXDJY7GO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-18 08:42:48 UTC	852	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 488476 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: E34B060B3207438EB52C4152EC7C4634 Ref B: MIAEDGE2309 Ref C: 2024-12-18T08:42:48Z Date: Wed, 18 Dec 2024 08:42:48 GMT Connection: close
2024-12-18 08:42:48 UTC	15532	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 32 3a 31 31 20 30 30 3a 32 38 3a 32 33 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 07 80 00 00 a0 03 00 03 00 00 00 01 04 38 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 24.1 (Windows)2023:02:11 00:28:238C
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 82 da 4f 37 fb aa c3 e5 15 97 71 6a 66 93 7c 7a 7a b4 b2 65 7c c5 f9 9b 1e f4 6e 56 bf 33 2a 3d 37 46 89 54 cf 73 04 65 b1 b9 76 ee dd 57 26 d0 f4 35 ff 00 8f 7d 56 da 49 3a ac 7b 4e e6 fa d4 69 0e 9e b2 2c b3 c5 04 05 73 fb ce ad f8 50 da c6 8d 68 ac 20 82 59 e5 91 71 fb b5 fb bf 53 53 66 8b ba d9 96 a0 f0 f7 92 db 05 8d a3 79 8b f3 34 8c 19 79 f6 15 53 5c 86 e6 1b c5 8e 2f ec f8 02 ae 3e 5f 99 9b f1 a9 ed bc 61 6d 6f 22 c6 9a 67 98 24 5f 2d b7 75 cf d0 7a d6 8d aa f8 6f 53 f2 a7 bf b6 5b 36 6e 3f 78 df 37 ff 00 5a a7 9d ae 83 e5 8d b4 39 79 34 db c4 93 cf 8e e9 54 ff 00 7b cb 1f 8d 44 da 26 a8 aa de 66 a0 aa 1b 95 f2 fd bf cf 4a f4 28 6c 3c 0f 7f 23 41 2e ae cb e5 fd d6 91 b6 2f fc 06 aa dc e8 1e 19 32 66 2f 11 b4 65 7f d5 c5 1c 65 77 7e 74 d4 a2 1c ad Data Ascii: O7qjf\|zze\|nV3*=7FTsevW&5}VI:{Ni,sPh YqSSfy4yS\/>_amo"g$_-uzoS[6n?x7Z9y4T{D&fJ(l<#A./2f/eew~t
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 37 f1 0f 6a af b6 e6 79 33 71 3c 8c 1b fd 62 ee f9 69 f0 24 71 43 f3 7f c0 7f d9 a9 37 86 6c 8e 8a b5 8b 72 7a 1d 11 84 62 2d 8c 0b 0f c8 3a 6e 3f 95 4a b3 b9 e1 1b e5 66 f9 7f fa f5 0e ef 97 e7 6d bb 9b f8 7f 88 d2 48 fb 17 fb bb b3 fc 34 d2 48 2e c9 d5 cb 33 65 b9 5a 8a ea ec 8d a1 3a 7f 15 46 dc 47 9f ef 67 6d 33 6a 3f fc 07 fe fa a7 cc 67 cb 72 86 a5 79 30 8d 9f f0 f9 be ed 64 cc d7 72 c2 d2 6f fb df 2a af b1 ad db bb 78 26 8f 63 a6 ef 9b ee ff 00 85 52 92 c1 fc b5 28 df 33 37 fc 05 71 54 a4 d8 59 19 ce 9b 15 72 cc c1 78 aa b7 0e 5b e4 8b 73 56 9d d5 8b 2b 2a 0d cd f3 0f 9a a3 6b 54 1f f7 d1 f9 9b e6 a1 93 cb a9 94 ca 4c 6d f3 6e 91 78 f9 5b 6f 35 06 fb 8d db 1b f8 6b 59 e0 70 cd 24 bf 37 fc 07 bf a5 3d 20 47 5f 9e 35 61 fe d7 cb 45 ec 84 cc 75 8a 44 Data Ascii: 7jy3q<bi$qC7lrzb-:n?JfmH4H.3eZ:FGgm3j?gry0drox&cR(37qTYrx[sV+kTLmnx[o5kYp$7= G_5aEuD
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: d5 ff 00 68 ee a7 71 f2 dd 6a 42 f6 65 bf da ff 00 81 52 79 27 bb 71 53 21 dc cc 4a ed a8 e6 92 25 e5 db 6f fc 0a b4 52 39 e5 0e c4 4d 6f 95 e5 a9 9f 67 c6 e1 b9 9b e5 db 52 a9 49 39 47 56 ff 00 76 4a 72 ac 9b 72 57 fd df 9a ad 48 cd c5 b2 95 c5 a8 2b b0 ff 00 15 41 36 98 8c bf 22 b6 37 7f cb 36 db 57 dd 98 2f ce bb bf d9 a1 36 18 f8 8b 6d 3e 64 42 8b 31 e6 b1 78 db f7 6d f3 6e f9 59 be 6a af 1c 97 76 cd e5 79 bb 97 9f bc db 9a b7 8c 4a 76 96 45 61 51 49 0a b2 e5 22 ff 00 76 8e 58 b1 f3 49 19 36 ba be a3 1c 8d 15 bc f2 2c 6a c3 76 e5 f9 1b d4 73 da b6 62 6b 4d 46 cf 7c 96 30 fd a7 9d d2 44 bb 79 fa 74 15 9f 73 66 0f 55 e7 fd aa a5 71 15 fc 2d bc 2b 28 8f fb b4 3a 4a fa 07 b6 76 b3 d4 b1 b7 c9 9b 65 c5 b4 78 8f 9f bc 7e 6f ca ad 5a eb 72 45 24 65 d9 96 15 Data Ascii: hqjBeRy'qS!J%oR9MogRI9GVvJrrWH+A6"76W/6m>dB1xmnYjvyJvEaQI"vXI6,jvsbkMF\|0DytsfUq-+(:Jvex~oZrE$e
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: e6 38 1b e5 b6 5c 5b c5 9f c3 92 05 65 78 a3 47 be b3 b8 fb 66 9f 62 b7 97 0c bf 2a ab 7f ab 19 f5 3d 3f 0a d6 9b c4 1a 04 ed 1c f7 37 92 45 2c 79 31 ab 4e 3f 3e 2a e5 bf 89 34 3f b2 b1 b7 d4 2d a4 3c ee dd 26 d3 cf 5c d5 2a 8a db 13 ca bb 98 bf 09 f4 d9 34 7f 19 47 aa f8 86 5b 18 95 97 29 12 e5 db 3e ac c7 a7 e1 5e bd 6f f1 3f c2 f1 5f 4a 65 d6 ad a3 8e d9 7e f3 7f 13 f7 c7 ae 2b cc 2f af ac ee 6c 64 48 1a 1d d2 a9 f9 95 8b 6d 1e cd da b0 e6 f0 f6 99 77 e6 19 22 66 45 ff 00 59 22 c9 f2 af e7 d2 a9 4e 29 6c 68 a5 24 ac 8f 58 93 e3 67 c3 fb 78 ff 00 e4 39 b4 49 29 f9 56 02 19 8f 73 8a c7 d7 7f 68 4f 0c 58 c3 29 b4 5b 9b a2 aa 7c b8 a3 5d ad 31 3e 9e 9f 8d 79 2d d7 86 74 a3 0b 0b 28 15 8b 37 c8 cd 20 dc d5 52 6f 09 d9 5b c2 db e2 dc dd 5b ca f9 9a ab da 26 Data Ascii: 8\[exGfb=?7E,y1N?>4?-<&\*4G[)>^o?_Je~+/ldHmw"fEY"N)lh$Xgx9I)VshOX)[\|]1>y-t(7 Ro[[&
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 17 a5 26 b1 e1 2b 24 d3 d7 64 5e 5b 7f 13 7d e6 c0 ed 8a b5 52 2c 85 1a 89 68 65 5d 7c 48 d3 e0 bc 96 ce d5 a4 b9 ba 69 3e 59 3c bd b0 c7 9f 4f a5 43 e2 0f 8a f7 9a 55 aa db d9 6a ab 79 77 b7 e6 f3 21 db 0c 64 fa 77 63 54 af 3c 1b 66 77 09 f5 a6 8a 39 7e ef 97 17 cf fa 56 15 cf 83 b4 85 b8 91 46 a1 77 24 91 b6 17 f7 7c f1 56 a5 06 63 28 d4 5d 48 67 f8 c5 e2 0f 31 a6 d4 f5 3f 3c ee c4 71 c7 06 d5 fc 00 e8 68 4f 8d de 31 16 b2 47 1f 97 02 ca a7 cb fd d8 67 fc ff 00 86 aa dc 78 5e d6 1f 33 ec ba 64 ec db 7f d6 5c ff 00 0f 7e 00 ac a6 d1 6f 4f 98 77 36 3a b4 6a a2 8f 67 09 2d 89 8c aa c7 4e 63 77 47 f8 db e3 3d 3f e7 92 75 b9 92 46 cb 2c aa 76 af b7 e1 5b 16 bf 1a 7c 51 3d c6 2e f4 eb 19 03 72 d1 ed fb d9 fe 55 c7 c7 a0 ea 93 36 cb 2b 36 6f 97 e6 f3 57 6b 2d Data Ascii: &+$d^[}R,he]\|Hi>Y<OCUjyw!dwcT<fw9~VFw$\|Vc(]Hg1?<qhO1Ggx^3d\~oOw6:jg-NcwG=?uF,v[\|Q=.rU6+6oWk-
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 00 81 51 b0 37 f7 73 4d 55 1b bf 8a 9d ff 00 8e fc dd e8 7e 64 75 12 45 23 91 48 ad 8e b5 28 20 b7 3f f0 1f 97 b5 35 d3 b8 eb b7 95 a3 97 b0 b9 bb 8c e7 bf 3e d4 e5 6f 97 14 d2 76 b7 14 32 fc b4 d1 5b 93 a3 7c b4 bb 96 45 c1 6e 6a 15 c0 a7 42 c1 5b f8 a9 c7 56 67 28 89 24 7f e4 53 14 14 6e 7f ef aa 9f e9 4d 20 16 c0 5d b4 72 6a 55 c4 56 ec 69 53 3f 2b 0a 51 11 dd fe 35 19 2c ac c0 fc dd a9 bb ad c5 a3 d8 b0 1c 16 6f e1 ef 4e dc 0a e3 b7 f0 d5 70 c4 f1 dd b8 a9 01 25 b9 6d b4 d4 88 71 18 d1 ed e9 bb 14 85 7e 6c 1e 9d 6a 45 24 70 3a 7a 50 d2 06 5d a4 51 64 55 d9 5e e2 22 39 1f 2e ea 4c e3 86 ed 53 ec 25 72 3e 6a 63 28 1f ec d1 d4 b5 2d 06 47 f7 be f6 55 ba 53 c8 2a b9 da d8 fe f7 f7 6a 2d a4 32 ff 00 0e df e1 ab 36 b2 11 d7 f8 a9 a1 4b c8 40 e4 33 7f 10 6a Data Ascii: Q7sMU~duE#H( ?5>ov2[\|EnjB[Vg($SnM ]rjUViS?+Q5,oNp%mq~ljE$p:zP]QdU^"9.LS%r>jc(-GUS*j-26K@3j
2024-12-18 08:42:48 UTC	16065	IN	Data Raw: a9 59 6c 67 2d 48 9e fa d1 b8 2d 3e e6 6c 2f 5a cf ba d5 ad 20 69 16 4f 32 3d b2 6c 59 24 5f 96 43 fe cf ad 6b 5d 2f 9b b7 cb da a1 78 f9 7f 86 a3 9a 08 97 6c 91 aa ee ff 00 69 77 55 26 44 a2 62 dc 6c 7b 5f 37 74 fe 5b 7d e6 dd f7 ab 5a c6 e4 c9 67 1c 02 56 95 57 ef 6e fb b8 1d 85 45 74 d6 93 c6 d1 c8 cc b2 2f f0 ff 00 74 fb 55 6b 3f 3a c2 e2 43 04 ad 20 93 1f 34 9f 75 7d 85 56 ea c4 26 d3 35 35 e8 3f b4 a1 82 4b 0d b1 47 2b 6c b9 67 5d df 4c 7b 55 7b ab 78 05 d2 83 3c b1 c3 12 81 b7 cb f9 58 fa fa d6 a5 85 c3 b2 fd a0 c4 b2 b6 dc 2c 6b c2 e7 fa d5 2b e8 cd e3 49 7a 6e 96 29 a3 52 65 69 3e 65 5c 76 c5 61 ca d3 f2 3a 5c ae af 72 0b ed 47 4c d3 ed e2 8d 2c da 01 b7 3b a4 f9 9a 4f f0 a8 63 d5 25 9a eb f7 71 79 42 5f f9 68 df c5 f4 15 67 4a 1b e4 53 ac c0 be Data Ascii: Ylg-H->l/Z iO2=lY$_Ck]/xliwU&Dbl{_7t[}ZgVWnEt/tUk?:C 4u}V&55?KG+lg]L{U{x<X,k+Izn)Rei>e\va:\rGL,;Oc%qyB_hgJS
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 4b 59 1e 3d ab 2f 96 06 ed bd fe a6 b9 ff 00 ec dd 6e fa 6d 92 5c b4 7b 5b e5 55 8f 62 53 75 0f 8a 5a 34 51 ac 92 5b 5c c7 33 37 fa b8 e3 dc ab 8f 7e 94 d4 f8 9c f7 aa a2 ce ce 75 66 5c f9 b2 c8 8b b7 e8 2b 5e 62 a5 1b 92 ea 5a 76 b9 61 6f e6 5b 5b 2d d5 c4 9c 2c 8d 9c 2f b9 af 3c f1 3b 6a 8d 71 22 6a fa d2 c9 23 37 cd 14 0b c4 7e d5 df ac e7 5a 5c de 5f 4e c5 97 7b 34 97 a3 6a e7 db a5 3a db c3 1a 3c 56 ec f6 da 6a df 37 f0 f9 0d bf 71 3e a6 a2 53 43 f6 77 d8 f2 9b 77 f2 97 ca d3 ac 59 99 db 0c cc df 76 b5 57 4d bd 86 16 92 f6 78 d4 c8 b9 58 a3 5d cf f8 d7 76 74 7d 62 5f 31 ad bc 2e b6 d0 af 1b 9a 40 bc fd 7a d3 6d f4 8b c8 6f 3c c8 a2 8d ae a3 5f bc df 32 a9 f4 c9 a4 dd f6 12 8a b9 97 e0 1b 3b b8 24 92 fe 55 58 2d f6 e3 b2 f1 f8 f5 ad ab 9b cf 04 da c3 Data Ascii: KY=/nm\{[UbSuZ4Q[\37~uf\+^bZvao[[-,/<;jq"j#7~Z\_N{4j:<Vj7q>SCwwYvWMxX]vt}b_1.@zmo<_2;$UX-
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: b7 b6 7e e8 e7 ef 7f 16 29 c9 a6 25 7b 96 6c 6d d5 d7 e7 fb aa d5 bb 6e a9 6f 6e df 2a af cb fc 3c 2a d5 1b 25 de ca 47 cc 3a 6e fe f5 37 50 b9 32 49 b1 3f d4 ab 61 7f da c7 ad 64 d9 b4 48 75 8b cd fc ab 7c eb fc 3f c3 58 b1 93 25 c7 98 ff 00 76 9f ab 4e ef fc 3c 74 5f 9b 70 a4 d3 90 bd bf f7 93 f8 a9 c5 75 22 52 bb 2f 59 84 5d a5 3e 6f ee ee ab e1 c3 34 98 da a7 f8 b6 ff 00 2a 82 31 fb b4 67 da ab fc 5f de a7 a3 c7 b5 be 4d ab 4e 56 2e 2c 9a dc 9f 2f 7b 2e e3 bb 0a aa df 7a b7 34 f8 c1 b7 60 15 be 5f bd b9 bf 9d 62 d8 c8 42 a9 3f 31 fe 1f f6 6b 6e cc ba c3 f2 7c a5 9b ef 49 5c 75 11 d5 4a d7 3b ef 87 b2 ee d2 5a 37 db 98 9b 67 7f 94 76 ae 81 5d b7 29 1d 79 db b6 b9 3f 86 f2 e2 1b 98 be e9 dc 19 57 6f 6f 5a eb a2 27 77 ca bf ef 6d af 97 c7 3b 54 91 f7 99 Data Ascii: ~)%{lmnon<%G:n7P2I?adHu\|?X%vN<t_pu"R/Y]>o4*1g_MNV.,/{.z4`_bB?1kn\|I\uJ;Z7gv])y?WooZ'wm;T

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:42:48 UTC	346	OUT	GET /th?id=OADD2.10239340418585_1K319IV1QEN3HBC0V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-18 08:42:48 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 443925 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 37A9484E98B1445E9355A9B0DBBE42B5 Ref B: MIA301000102039 Ref C: 2024-12-18T08:42:48Z Date: Wed, 18 Dec 2024 08:42:48 GMT Connection: close
2024-12-18 08:42:48 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 32 3a 31 31 20 30 30 3a 32 38 3a 35 37 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 01 07 80 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 24.1 (Windows)2023:02:11 00:28:578C
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: f8 d7 35 1d d6 a9 73 0c af 73 63 1d b4 2e df bb db f3 71 f4 ad 08 f5 2b 0d 22 dd 64 f2 a4 be 93 6f cb 1f 97 f2 d7 3c a0 db 3b 28 d5 b2 d4 d5 d5 27 b6 86 36 b8 8a 75 96 26 5c 7c df 76 b0 e6 f1 21 4b 5f b3 c1 2a cb b6 4c 36 df be a3 bf 1e b5 9f ac 78 87 57 ba 91 4c 9a 2c 1e 54 7f ea e2 fb ad fa 55 9f 0c db 1d 46 d5 64 d4 22 5b 43 b8 fe ed 7e f7 e3 49 46 c1 2a ce 6f dd 29 c3 aa 48 f2 37 da 2d 95 7c be 15 9b e6 6c 7a 9f 73 4f ff 00 84 83 45 2a de 7b 48 b2 2a 9d b1 6d da b9 ad f8 74 cd 3f 74 91 24 ac a5 5b 3f 32 fc bf 52 69 ff 00 f0 8e 09 59 85 a5 9d b5 d4 9d 7c de 1a 9f 3a 25 51 93 39 db 5f 12 3c ed 88 a0 dc ab 81 f3 29 eb 5a f6 77 11 5d ee 7b 8d 2a 39 63 55 ca f9 98 db 9e fc 53 ee f4 9d 76 d6 16 11 41 04 5f ee a8 ef 58 da 86 95 79 22 ec 32 dc c8 59 77 36 cf Data Ascii: 5ssc.q+"do<;('6u&\\|v!K_L6xWL,TUFd"[C~IFo)H7-\|lzsOE{Hmt?t$[?2RiY\|:%Q9_<)Zw]{*9cUSvA_Xy"2Yw6
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: da 49 04 52 69 ed 3b 4a df 2e df e1 fa fa 56 6a 33 5b a3 49 4e 94 ba 58 e7 35 6b 29 1f a2 b6 e5 ce d6 5f f0 ac bd 43 c2 ba 55 ca aa df bc 72 05 c7 cc cd b5 b3 ef 5e 8d ff 00 08 d4 77 52 32 3d ca ab f5 93 e6 f9 56 a8 6a 5e 01 53 34 7e 5c 0b 38 93 9d bb b7 74 ad 39 a4 8c 7d 8a 96 c7 05 26 9d 65 a3 da b2 69 5a 63 4f f3 67 cc 5f 95 5b df e9 59 3e 4d e5 fb 6f 8b 4c 92 36 75 ff 00 59 1a 9e fd ab be bb d3 6f 6d 26 68 a5 dd 1f 97 c3 2a ff 00 0f a0 c5 55 49 b5 58 6f 98 c4 aa b1 af de 91 be 5e 7e 95 4e 6c 5e c7 95 ea 70 36 de 13 bf 0d 99 19 a0 2d cb 4a d1 fc cc 7d 16 ad e9 fe 1a 11 c8 d2 5e 36 a0 cd fc 2c d9 db ed c0 e9 5d cd ee a8 f1 ae e3 1a b4 8a b8 5d cd f7 bf 0a af fd bd 72 de 58 dc b1 ab 37 f0 fa 8a 8b b6 3e 58 df 73 16 0d 2c 5b 2b 07 6b 95 66 6c ab 37 cc d9 Data Ascii: IRi;J.Vj3[INX5k)_CUr^wR2=Vj^S4~\8t9}&eiZcOg_[Y>MoL6uYom&h*UIXo^~Nl^p6-J}^6,]]rX7>Xs,[+kfl7
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 1c 95 af 82 a3 4f f5 56 3c ee f9 99 a4 dd b7 f1 ad 6b 5f 08 c6 d0 ec b9 b9 8a 28 d5 be 6f 2d bd 2a fc e2 df ec eb 1b df 6e 0a df 37 96 db 76 fe bc d5 29 b4 6f ed 4d a2 3b e9 22 1b 7f 82 4f bd f5 cd 6b 73 09 41 3e 85 7d 53 43 b0 82 df fd 1a 08 17 a1 56 6f 9b 70 ac c6 d1 03 fe ef ed 96 d1 f5 da aa bb 79 f5 cd 6a dc 78 46 db 6f ef 35 39 24 91 7e f6 eb 9d bd 3b 01 4d 9b 42 b3 86 18 f0 bf 37 f0 ee 9f 70 fd 2a a2 43 4d 18 57 de 1f d3 17 76 6f a4 97 e6 cf 97 1b 7c b9 f7 ae 6b 5e ba 8e da e1 a2 3f 28 55 fb ab f3 57 7e fa 3d a4 96 ac 1e e7 c8 f3 7e eb 2f df f7 ac b8 74 7f 0f 59 5d 2e f9 fc c2 ac 7e 6f bc cd eb 4c 39 53 e8 79 fc 37 6f 2c 8a 9f d9 f3 a8 fb d1 c8 ab f3 35 5c d4 34 ff 00 3a dd 7c d8 2e 63 5d bf 75 58 ee af 53 b7 5d 0b 6a cb 0d 9a c6 cb c6 e6 8f 6f 06 Data Ascii: OV<k_(o-n7v)oM;"OksA>}SCVopyjxFo59$~;MB7pCMWvo\|k^?(UW~=~/tY].~oL9Sy7o,5\4:\|.c]uXS]jo
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 23 eb fc 3b a9 bb 30 d9 db c3 7f 15 55 da d8 2e 98 fc 0d ad 21 f9 aa 2b a8 56 e2 16 da b4 e1 9d bf e7 e6 a5 8e 40 a8 bb ff 00 1a a8 cd 5c 35 4e e8 e2 7c 49 65 e4 33 3b c4 cd 6d 23 62 54 5f e1 f7 15 83 7d 03 d9 49 b2 35 da ad 83 04 df dd f4 04 d7 a6 ea 56 eb 3c 2d b9 7e 56 5c 7b 57 13 a9 d8 ac 1b b4 eb 8f 96 de 5f f5 12 7f 74 8e c6 bd 7c 26 26 ef 95 9c f8 8a 31 94 79 e2 60 5a 78 c6 f3 49 bc f3 fc 8f 36 38 9b 64 f0 2f ca ad 9e e6 ba 4b 4b 8b 0f 12 5a ac 96 50 46 aa f2 61 64 fb bc b7 63 e9 5c 86 b0 92 1f 36 5f 2b f7 f0 29 49 77 7d d9 07 6a f4 8f 85 fa 66 81 e1 ef 87 77 29 aa 5f 48 da 8e a4 9f 6c 5b 6b 95 f2 45 b9 23 e4 5c f5 e3 af 3c d7 ab 1d 7a 9e 44 ef 17 b1 c3 eb 1a 01 b6 86 73 1c bf 34 6d 8d ab eb f5 ae 6a e3 4a 97 ce 58 bc f8 e2 3b be f3 37 19 fa d7 75 Data Ascii: #;0U.!+V@\5N\|Ie3;m#bT_}I5V<-~V\{W_t\|&&1y`ZxI68d/KKZPFadc\6_+)Iw}jfw)_Hl[kE#\<zDs4mjJX;7u
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: e3 75 40 f1 5c 46 df 2c 4d f7 bf cf 5a 7c 71 4e 6e 94 23 32 ae d0 59 b7 77 f4 a3 99 85 91 99 a9 69 fa eb 5c 28 82 f1 59 55 87 ca cb fe 15 0d d6 93 ad c9 c8 be 8d 65 dc 37 49 e5 86 da 3d 00 ad cf b3 5e 8b cf 3f 73 6d 6f e1 5f e1 a9 3c ab 89 63 6f 3d be 68 f9 dc b5 32 d4 a8 f6 32 23 d2 da 15 6d fb ae 6e 37 67 74 9f 77 f2 a9 55 35 07 91 a3 31 2f 96 cb f3 48 b5 a1 bb c8 8f cc fb 34 92 0f f6 b8 dd 50 c7 35 ec cc ad 27 97 00 6c fc ab f3 36 3d e8 bd 89 94 7c ca b2 58 0b 78 73 1f 98 d2 35 64 dc e9 26 4b a8 f6 41 26 15 89 66 91 87 7a e9 fc a9 55 94 4b 79 f7 aa 38 e1 89 66 c4 4d b8 f5 dc df 35 4d 93 17 53 0a e7 48 d1 e2 85 9e f3 cc 66 e9 f2 fc df 95 64 6a 96 ba 64 10 e6 3b 19 65 66 e7 b7 4f 53 5d 6d f6 9f f6 b6 67 2a b8 ff 00 7b ef 55 67 b1 92 1f 92 de ce 09 06 df Data Ascii: u@\F,MZ\|qNn#2Ywi\(YUe7I=^?smo_<co=h22#mn7gtwU51/H4P5'l6=\|Xxs5d&KA&fzUKy8fM5MSHfdjd;efOS]mg*{Ug
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 41 a3 02 1d cb fe 79 34 cd 17 58 16 56 7f f0 8f 78 99 be d1 a6 c5 91 03 23 7f ab 93 9c 6e 7f ee 8f 4a d9 49 2b 9c 52 8f bc 37 c1 d7 fa 83 5b c9 71 e1 9d 43 fb 1e 5b 1b 60 97 2b 2c 9f f1 f0 33 fc 0b fd ee f5 d8 5a d8 eb 2d 70 b7 12 34 7a 85 bd d4 61 da 7f 3f 74 8a 4f 3f 30 15 c0 eb 1a 37 97 71 ba 29 fc fb 6f 2f 30 34 4b 8e 0f 73 df 15 27 85 fc 64 7c 2b e5 c1 f6 69 e7 0c d9 76 69 36 f9 9e 83 3e 9e c2 bd 0c 2e 21 c7 43 cf c6 61 79 af 23 d5 7c 17 77 6f 6f 7d 25 a4 2d 22 ca aa 4e d9 fe 45 fc 2b 7a 3b 9b db 6b 75 49 2c f7 45 b8 9d cd f7 7e b9 ae 2f 44 d5 f4 bd 76 ce 0b bd 6f 75 9d e4 ac c5 67 db b2 3c 0e 81 0f f1 1c d7 5b e1 c9 cb db a5 bc f7 3f 69 b7 e9 1b 2f dd 6a f5 29 d4 53 d5 33 c6 a9 49 c0 7c 8f 68 57 cc 12 b2 ca df 76 35 f9 ab 3e 49 90 72 8c ad b7 f8 9b Data Ascii: Ay4XVx#nJI+R7[qC[`+,3Z-p4za?tO?07q)o/04Ks'd\|+ivi6>.!Cay#\|woo}%-"NE+z;kuI,E~/Dvoug<[?i/j)S3I\|hWv5>Ir
2024-12-18 08:42:48 UTC	16069	IN	Data Raw: 4d d2 cb e5 6e 0a d9 ac 17 ff 00 89 57 8e 95 fc df dc de 21 1b 7d cd 7b 14 66 a4 ac 72 62 20 e3 25 22 6f 14 a4 97 5e 17 68 c2 af 99 67 20 75 db fc 48 2a ad cd cc 97 3e 1f 8e ed 19 54 b2 8d df 37 61 da b5 24 46 fb 67 d9 e4 66 92 39 63 23 6f b9 e9 58 1e 1d 8d d6 6b 9d 22 ed 5a 42 b9 f2 d9 bf cf a5 74 46 ee 2f c8 e4 a9 1b 4d 79 9a 9a 76 9d 68 3c 01 1f 88 35 18 26 b9 b8 96 fb c9 8a 35 6c 43 1a 8e 9b 87 f1 1c d4 77 fe 22 d7 26 9a 38 25 bc 93 ec 6a e3 74 0a db 55 80 e7 1f 41 4f f0 fe b7 7d e1 d8 7f b2 4c 4b 71 a4 cb 29 f3 22 97 e7 68 41 fb cc be f5 32 d9 f8 67 58 91 7f e1 1e d6 64 69 67 7c 2c 57 71 f9 3b 46 78 f9 9b a6 7b 7b 56 b1 f2 39 65 1b 7c 41 f1 03 5b 6d 5e 48 a5 b0 b6 b9 83 6c 78 66 69 0c 8c df 4f 4a c4 f0 ec 31 41 e2 eb 11 a8 b5 8b 47 2f 37 33 ea 12 1d Data Ascii: MnW!}{frb %"o^hg uH*>T7a$Fgf9c#oXk"ZBtF/Myvh<5&5lCw"&8%jtUAO}LKq)"hA2gXdig\|,Wq;Fx{{V9e\|A[m^HlxfiOJ1AG/73
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 37 e6 d4 74 d0 57 ee 26 ff 00 99 7e 6f bd ce da 46 90 85 c2 75 ed bb d7 eb 4e c0 ea 57 91 f8 53 64 20 b3 03 d1 a8 bb ee 0a c2 e0 2b 65 7e 60 b5 32 be 51 72 bf 77 91 f3 7a d5 7d d9 61 f3 7d de 29 c8 72 dc 7f 09 aa 4e db 09 c6 e4 92 67 e6 c7 f1 67 fc 8f 7a 6e d1 bb 68 ea 7e f7 fb 3e d5 22 e4 b3 63 f8 7f cf e3 51 a9 f5 5e 6a 9e 82 88 cc 91 f5 ec bf e1 48 c3 7c 7e e0 73 b6 ac 65 36 f0 ad 8f ef 54 72 21 1d 3f c9 f4 a4 e3 62 94 88 4a 95 e0 2f 1d 36 d0 ac 87 6e e5 e6 a5 5c 18 f6 8f e2 e6 9a ab f2 f1 d7 fd aa 87 72 af dc 89 54 ed 52 3e 50 bf c3 4e 57 3b 94 37 fc 0a 9c ca ea c3 1f dd c5 0b c7 4e bf ee d3 57 4c 2e 33 76 c9 39 56 c7 fb df 95 3f 1b 98 01 b5 b6 ff 00 15 08 33 c7 7a 45 ca ff 00 55 f7 a7 7f b8 05 d9 1f 97 9d df 7a 93 19 6e 7a 67 3f 2f 5a 77 98 76 f2 ad Data Ascii: 7tW&~oFuNWSd +e~`2Qrwz}a})rNggznh~>"cQ^jH\|~se6Tr!?bJ/6n\rTR>PNW;7NWL.3v9V?3zEUznzg?/Zwv
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 26 56 cf dd da b5 6e 3f 2d d9 92 09 7c f0 df 79 bd 85 51 1a 5c ea e4 f1 94 12 49 f3 ed f9 7e ef fb 5f 5f 6a a3 71 e3 09 9a eb cd 8e f2 0c af 3e 5b 7c db 7f 1a e7 e4 b1 b2 3b 9c b3 4a cd fc 2d f2 d5 84 b5 b6 3f ba 31 2a 8f ee a2 8d de 94 6a 27 24 8b ef e3 6b 99 15 93 7c 6c ed fd d6 dc d5 5a 6d 7e 1b b6 fd fc 0d 19 65 fb d2 37 de c7 5a a9 36 9d 0c 5c 45 02 65 54 6e f9 bb 7d 6a 4b 7b 48 db 6b 95 f3 1b 95 dd 1f dd fa 73 40 73 21 eb 7f 13 aa 94 66 50 d8 0d 23 65 9a ae 5c df 5b a2 aa b4 fb 97 fd e2 cd f9 53 2d 62 b2 81 71 e5 2b 16 e7 6d 4a d1 d9 ba ae c8 23 5f f7 be 52 d4 14 4f 14 c9 37 97 e5 4f 1e d5 fe 1f ee e2 b4 ad e0 b7 3b a7 7d ab bb 3b 76 fa 55 4b 7b 08 36 f9 8e ab 96 6f bb 1f cb b7 fc 6a d4 30 ee 6c ed f9 95 a8 26 45 db 75 0a aa 9b 9b cc eb fd ea 9d 54 Data Ascii: &Vn?-\|yQ\I~__jq>[\|;J-?1*j'$k\|lZm~e7Z6\EeTn}jK{Hks@s!fP#e\[S-bq+mJ#_RO7O;};vUK{6oj0l&EuT

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report YF3YnL4ksc.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_crypted.exe_cdbfdc08d6791259d8d78686afb4c3e58437da1_2ffbc1ed_37302da6-c44b-4dfd-9559-b6758f166fd1\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB766.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB851.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB8B0.tmp.xml

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\076dd576a8178299_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0a71ed411241f66a_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0b05805acd0d1882_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0c8edd501377e254_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\13121e710409f773_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\1bc86f24c60da374_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\25227e55d9136cbc_0

Windows Analysis Report
YF3YnL4ksc.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:42:48 UTC	346	OUT	GET /th?id=OADD2.10239381054889_1NT8OC9G1HUQ0CLRB&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-18 08:42:48 UTC	852	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 784973 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 75E4954C17AD4DC0B345569CC759F67D Ref B: MIAEDGE2807 Ref C: 2024-12-18T08:42:48Z Date: Wed, 18 Dec 2024 08:42:47 GMT Connection: close
2024-12-18 08:42:48 UTC	15532	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 04 04 04 04 05 09 06 05 05 05 05 0b 08 08 06 09 0d 0b 0d 0d 0d 0b 0c 0c 0e 10 14 11 0e 0f 13 0f 0c 0c 12 18 12 13 15 16 17 17 17 0e 11 19 1b 19 16 1a 14 16 17 16 ff db 00 43 01 04 04 04 05 05 05 0a 06 06 0a 16 0f 0c 0f 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFCC8"}!1AQa"q2
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 66 f1 ff 00 84 96 00 d0 6a f1 dc 48 d3 f9 02 25 ca b0 70 37 30 6d c3 0a 00 e7 3e a7 03 93 55 35 cf 18 6a 48 d1 c7 a4 e8 c9 37 9c a2 45 9e 69 e3 48 f6 91 9c 65 98 65 bd c0 20 67 9e 98 ac 6b 66 38 4a 3a 4a 7a f9 6b f9 1b 51 ca b1 95 76 85 bd 74 fc ec 76 0c 7d bb 51 b8 e7 03 f1 e6 bc d2 1f 1f f8 88 ea 10 d9 49 0e 88 b7 32 dc fd 9f c8 87 74 a7 a6 e2 e1 c1 c3 00 0f 27 85 e6 b7 e4 d5 7c 41 06 9b 2a f8 96 6d 13 4e 54 8c cd 24 96 f7 6c 24 31 85 24 9d a3 91 c0 e8 32 78 ae 19 67 f8 25 7b 5f ee 3b 7f d5 fc 5a b7 35 95 fc ff 00 ab fc 8e af 24 64 50 39 65 0a 39 3d 86 6b 96 f0 fe a3 15 f5 e2 c5 67 e2 56 9d ad 40 33 05 8d da 28 41 8c 3e 5d db ee 80 a4 67 3d f8 eb 59 7a e7 8b 3c 1f 7b 63 24 37 3e 33 b9 90 91 e5 b5 bd bb 49 6f 2c 84 e4 0e 80 15 07 07 e6 e0 00 73 9e 95 3f Data Ascii: fjH%p70m>U5jH7EiHee gkf8J:JzkQvtv}QI2t'\|A*mNT$l$1$2xg%{_;Z5$dP9e9=kgV@3(A>]g=Yz<{c$7>3Io,s?
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: d4 0f f6 ba 60 1f 41 e9 cd 7a 2c d0 eb b0 c6 ef 14 cb 36 46 37 33 00 3f 2c e3 19 ef 54 2e 62 d7 26 b8 32 36 99 d7 ef 30 b8 40 1b 8e bc fd 2b 19 4d 1a 46 57 5a a4 fe 67 16 f2 ea 37 51 c9 77 2d ed b4 6c ca 56 28 ed e2 48 e3 8c 77 05 80 dc 3d 32 39 c5 57 93 46 b4 30 27 da 2e e6 66 55 25 1e 15 07 07 3d c6 3e 6c 1e 06 7d 6b a8 d4 1e fd e1 ce a1 0c 76 70 28 38 12 34 2a 40 3e b8 e4 e7 f3 ac ab ed 6b 4c 10 ac 77 72 2e 63 5c ee b5 85 63 c7 6d a0 e7 9a a4 ae 69 ce d7 43 3e df 4b 2d 0c a5 a7 d4 6e 12 67 12 30 f2 d0 4b 85 e8 0b 70 36 e7 f9 54 d1 e9 72 c7 2b 49 f6 1b a9 1e 46 dc cf e5 b1 e3 fd 90 3a 7a 67 de 95 b5 5f 0f 86 8d d4 b9 6e 8c 64 b6 47 00 7a 71 8e 3b 9e f4 fb 2f 17 da 8b e9 0a b4 96 89 0b 62 27 56 da 26 00 f5 21 49 db f4 39 a1 d3 93 d8 4e b5 89 e2 b5 ba b6 Data Ascii: `Az,6F73?,T.b&260@+MFWZg7Qw-lV(Hw=29WF0'.fU%=>l}kvp(84*@>kLwr.c\cmiC>K-ng0Kp6Tr+IF:zg_ndGzq;/b'V&!I9N
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 2f fa c1 19 eb f9 67 35 a0 da 96 a1 72 8a 6e 2f 99 bc be 23 42 8a e0 71 d1 7a 63 f0 aa 57 13 5b 42 a1 e6 37 13 aa a9 4d ac 58 02 3d c6 79 1e dd eb 3e 79 0f 97 c8 a0 d1 48 23 66 6d 4b 52 74 6c ee f2 f6 0d c0 76 1c 71 55 da 7b 7d a2 45 d4 ee 8c 44 70 3e d0 3f 41 8e 7f 1a d3 49 f4 cb b8 56 2f b5 59 85 b7 c3 2c 22 32 8a 83 b6 41 eb cf 63 55 2f ad 2c bc 89 0c 16 d8 6c 86 7b 9b 4c 6e da 3d 31 d0 76 35 a4 6a 09 c1 f5 3e 21 f0 08 b7 9f c5 96 ef 72 03 47 1b 34 85 24 6f bf c7 7c f7 e9 f5 c5 76 37 9e 13 d1 75 db 66 bb 5f 13 d8 e9 f7 0c e5 52 09 62 64 33 7a 65 ba 01 5e 65 63 31 b7 bc 8e 70 32 63 70 d8 23 ae 0d 7a dc 7f d8 b7 96 71 6a 16 1a a4 32 45 24 6f be 1f 27 6f 93 27 f0 86 5c e7 9f 5e d8 af b8 94 95 ef 7b 1f 05 86 b4 a0 d3 48 34 1d 10 e9 61 62 b8 92 3b 88 ed c8 Data Ascii: /g5rn/#BqzcW[B7MX=y>yH#fmKRtlvqU{}EDp>?AIV/Y,"2AcU/,l{Ln=1v5j>!rG4$o\|v7uf_Rbd3ze^ec1p2cp#zqj2E$o'o'\^{H4ab;
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: c7 e7 52 18 76 ef d2 aa e9 36 77 7a d6 a9 65 0e a9 e1 4b cd 3e 6b 7c dc dc dc 26 6e 2d e7 81 39 27 20 64 48 a7 a8 ce 4a b7 23 35 db eb 89 06 a0 ff 00 68 b3 fe c8 57 b8 c1 f2 e2 bd 3b b7 67 9f 95 d4 60 e3 8e 7d 05 44 fa 67 89 b4 0b c9 8e 9b 06 a4 b1 37 17 02 28 cc b0 dc 86 18 04 20 27 9e 9c f6 23 d2 9a 77 5e 61 26 93 bf 44 67 fe d1 de 61 f0 ae 99 ac e9 88 97 16 05 82 49 3d be 42 43 85 e3 69 c6 31 9e 33 ed cd 79 5f c3 fd 36 3f 11 78 c7 4f f0 fe d9 37 df 49 20 72 0e e2 36 ae f0 41 e8 39 18 c7 4e 7d 2b d4 3c 3e 9e 3a b2 b7 92 08 74 2d 41 74 f9 24 cb d8 b4 4e ab 31 e8 7e 53 90 72 0f 6c 72 2b 1f 5e f0 ee b6 96 f6 3a 97 86 3e 15 6a 9a 27 8a b4 7b 84 9a 3b ab 60 e2 ce 79 16 5c e4 60 e4 07 8c ed 65 6e 32 4e 2b 4a 6e 54 e9 ba 6f 7e 8f fc cc 27 08 4e b7 b5 7b 76 38 Data Ascii: Rv6wzeK>k\|&n-9' dHJ#5hW;g`}Dg7( '#w^a&DgaI=BCi13y_6?xO7I r6A9N}+<>:t-At$N1~Srlr+^:>j'{;`y\`en2N+JnTo~'N{v8
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 1d 2e f2 26 67 c6 e9 6d 5e 3c 1c 74 5d a3 03 df d6 ba ad 4b e1 b5 f8 84 fd 83 53 b1 59 fe 6d 97 11 86 84 81 9f ba 53 04 1d c0 f7 e9 58 17 df 0b 75 6b 5b 01 73 71 aa 41 b9 04 6a 64 9a f5 e4 48 54 1f 98 05 c6 dc 05 dd d7 8f 5a d1 62 a0 fe 24 67 f5 74 f4 84 89 74 1f 19 f8 42 5b 9f 22 d7 51 fb 04 8b c8 6b 92 62 0f ec ae d8 04 f3 d0 76 ae ae ce fa 4f 2f ce fb 74 26 05 eb 21 60 c9 8f 5c 8c f1 9e fd b3 5c 24 fe 19 d2 6f e2 5b 2d 22 69 ad 5a 66 c3 1f b4 ac 6d 3f 40 db c1 05 47 07 3c 71 93 ef 5e 71 6a da ac 7a c7 8a 75 2f 0f 6a b6 63 4f d1 2f a4 b4 97 72 91 1a 43 1c 78 56 75 5e 11 59 43 a9 5c 1f 99 73 57 09 d1 ad f0 33 3a 98 7a d4 d5 e4 ae 7b bc 7e 3c f0 f4 7e 60 bc d5 a2 8a 18 d8 86 ba 92 dd d6 dd 80 1f df 23 6f 6c 73 8e 95 76 d7 c6 9a 15 cf 89 ac f4 04 ba 9a 6b Data Ascii: .&gm^<t]KSYmSXuk[sqAjdHTZb$gttB["QkbvO/t&!`\\$o[-"iZfm?@G<q^qjzu/jcO/rCxVu^YC\sW3:z{~<~`#olsvk
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 54 a8 fb a4 06 08 a3 1d 37 55 0d 20 c7 0e b1 75 75 a8 da 79 96 3a 9c 8d 14 d2 2c 27 ed 12 22 65 1e 4f f7 0b 96 f9 47 5d b9 eb 57 17 cc 88 7a 37 dd 7f c3 7e 8c 3c 37 33 5c 5e 6b 1a 8b dc a5 e5 f5 94 d1 59 ca d0 c7 ba 44 bc 8e 25 8e 5c 0c 60 30 de bc 8e b8 27 a5 79 7f c6 2d 72 d7 55 f1 ee 9f 2d 8e ab 67 71 e7 44 6d 70 25 32 43 65 b5 be 75 42 3e 56 66 3d 58 72 3d 05 76 92 c9 a5 f8 6b e1 7f 88 f5 59 75 e3 34 5a 8f 9e d2 5c 58 c2 cb 14 be 77 ee a1 96 32 99 25 9c 04 5c e7 8d a4 93 5e 1f e0 db 6b e9 34 cd 1d 84 62 36 d3 4f 9d 0b 30 c6 70 a3 81 d8 9c 9e 83 ae 33 d2 bb 70 f4 93 6e 57 39 ea ce cd 45 1d 7e b5 3d b7 d8 e6 8d 51 56 2b 38 85 ba c6 58 96 2c 07 00 31 eb 93 c9 1d f1 50 78 67 4d 97 58 7f ec d8 20 f2 65 b9 29 f3 ed fb 84 9c 10 c3 be 40 3c 0f 4a d8 bc 86 d6 Data Ascii: T7U uuy:,'"eOG]Wz7~<73\^kYD%\`0'y-rU-gqDmp%2CeuB>Vf=Xr=vkYu4Z\Xw2%\^k4b6O0p3pnW9E~=QV+8X,1PxgMX e)@<J
2024-12-18 08:42:48 UTC	16065	IN	Data Raw: 09 77 63 9f e2 c9 ed 9e 00 1d 6b 72 13 73 1d f7 9f 6e 63 91 5a 34 49 e7 09 f2 79 7b f0 14 64 64 92 cc 31 dc f4 a5 cd 76 0f 44 50 d3 e3 4b 69 a4 b9 3a 6d e7 91 34 d1 44 8e ac 88 8a c5 98 ae 79 2b b9 c8 c9 3d cb 01 9e 95 8b a5 c7 7f 7e af 70 f7 97 53 5a a5 de e3 67 6f 12 a8 88 c0 72 d0 79 c4 81 87 72 09 e4 60 06 1d 38 ad 6d 52 69 0e b2 3c d9 1e 23 05 cb b1 8c c0 ce cd 20 8f 28 36 2e 36 90 32 70 7d 00 f7 a5 f0 75 ae eb 58 26 bf 9d c5 dd d4 f2 ca 6d d9 93 c8 48 e4 6d c3 01 7f 8f 68 e4 82 57 2c 71 52 a5 ad ae 5b db 99 a3 93 be d5 75 1f 06 db 68 36 77 cf 0c cd 78 27 96 fe 48 23 32 c5 02 79 80 98 51 09 1b c8 c8 db 8c 67 6f b8 15 7f 49 b3 d1 74 4f 13 2e ba 19 a7 b8 d6 1f ed 33 df 98 9a 11 71 65 b4 84 b6 45 39 64 0c ff 00 31 1d 41 51 9a ca f8 91 2c ba 86 ad a3 5a Data Ascii: wckrsncZ4Iy{dd1vDPKi:m4Dy+=~pSZgoryr`8mRi<# (6.62p}uX&mHmhW,qR[uh6wx'H#2yQgoItO.3qeE9d1AQ,Z
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: cc e0 e0 64 0f 4c 1e 86 bc 3c 5c df b4 6f e4 7b 38 58 fe ed 22 28 ae 34 ef b2 df 5a c5 24 fa 7d c8 99 5a 39 4a 30 37 12 4c 0a a3 23 71 bc e4 6d 01 8f 18 f4 ad 1b 9d c7 48 ba b1 b9 ba b8 96 de f3 cb b7 da ff 00 ea a1 07 ef b7 27 2d 21 20 e5 9b 8f 40 2a 0b db 59 23 9e ce 39 e3 92 ed ed 95 e6 92 59 98 aa da 2e d2 be 68 23 8f 30 0e 83 a2 86 3e b5 2d 8a 35 f5 a5 d5 ec 66 57 b7 ca 18 77 63 cb 97 2a 5c fc bd 46 49 50 06 7b d7 3c 59 b4 bb 94 67 d4 b5 e3 e3 eb 6d 18 cb 0d ee 9f 69 a6 89 a1 df 0f ce ee 0a a0 1b 94 0d cc aa 40 24 fa 8c 75 aa 9a b6 ab a7 cb 63 1f 88 75 6b c4 8f 47 b0 12 98 c1 62 ac ff 00 3e c4 62 b8 cb 31 c3 00 bd 72 40 1d 2a 4f ed 1d 44 ea 17 97 b0 dc 48 67 b5 b3 2e 92 16 0d 86 95 c3 a4 5d 30 76 2c 7d 38 c6 6b 94 f8 e9 75 35 bf 82 ed 34 9b 8b 36 61 Data Ascii: dL<\o{8X"(4Z$}Z9J07L#qmH'-! @Y#9Y.h#0>-5fWwc\FIP{<Ygmi@$ucukGb>b1r@*ODHg.]0v,}8ku546a
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 57 59 b5 03 16 26 85 4f 9d f3 1e 15 5d fa 0f 65 1d 2b 4b c4 23 54 88 ac 37 97 f0 fd a0 23 38 cc 68 63 c8 1f 2b 28 5e 98 1c 64 f4 35 cd 78 4f 47 d4 ac 6f 22 79 a5 b6 5b 84 8b 64 5f bb 2d 18 6e 77 61 b1 91 d4 e0 e3 be 6b ab de 50 f3 30 96 e7 5d e1 6b ad 17 4d d7 98 4d a7 2d f5 8b aa 2b 5b cd 23 c2 81 b1 82 14 8e 5f 27 9c 63 03 18 ab 3e 30 92 ca 6d 2e 39 b4 bd 36 2d 2c c5 2e 15 23 91 a4 92 50 3b 74 00 2f b7 a5 56 d2 6d 67 45 5d 45 e2 b5 3b d4 ec 96 29 0b 8c 8e 08 e4 74 07 b7 bd 58 68 9e da 16 6d 42 47 f3 e6 98 fd 9d 23 88 95 08 47 f1 77 27 d7 d2 b9 e3 2f 7a ec d6 db d8 ad a7 7d 9e e2 49 2e d6 c5 a1 60 c1 3c c0 db d5 06 31 b4 f4 c1 ce 49 c7 15 cc f8 ba 0b 35 d5 20 d7 56 5d ec 92 08 61 8e 3e 52 52 4f 2d cf 38 f7 ad 5b db 8b 8b 5d 61 ae 6d ec 26 9e d0 c7 e5 4a Data Ascii: WY&O]e+K#T7#8hc+(^d5xOGo"y[d_-nwakP0]kMM-+[#_'c>0m.96-,.#P;t/VmgE]E;)tXhmBG#Gw'/z}I.`<1I5 V]a>RRO-8[]am&J

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:42:48 UTC	346	OUT	GET /th?id=OADD2.10239381981664_1SWAYVEP21DJGDQDY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-18 08:42:48 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 420373 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: CD8D2B547A444FC4807CA5E1EC9AD448 Ref B: MIA301000106027 Ref C: 2024-12-18T08:42:48Z Date: Wed, 18 Dec 2024 08:42:47 GMT Connection: close
2024-12-18 08:42:48 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 33 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 34 3a 30 31 3a 30 32 20 30 38 3a 31 31 3a 31 36 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 01 07 80 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 25.3 (Windows)2024:01:02 08:11:168C
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 74 fa 6d c9 2a 01 6c b1 f9 b3 8c 8f f3 8a d9 b7 b8 59 70 4b f2 78 1c 7a 8f 6a e5 74 b2 76 86 c8 c8 3f 30 1e dd ab 63 4f 91 cc 80 8e 0b 77 f7 a8 b1 77 d0 e9 b4 b5 49 58 12 3d c6 46 47 ff 00 ae ba 7d 0e d6 29 64 43 b0 e5 87 3d 31 83 c7 15 ca e8 c0 ee 5c 9c e4 8e 4e 09 e7 a1 ae c7 4e cc 11 83 9c 73 8e 9c f1 50 c6 8d c8 e0 82 08 4e 7d 08 39 19 ac 2d 60 c6 1c 28 2a 08 ff 00 3d aa 6b bd 47 10 85 39 ec 30 7b d6 4d db 99 58 64 9e 7d b8 fd 3d 69 0e 4e e8 63 5f 37 1b 7e 5e 7f 99 a6 5c 5e ca 10 8c 0f 9b 8e c0 d3 0d b2 96 66 01 b2 70 47 b7 d2 a2 92 d9 ba 31 21 83 67 24 fa 54 b4 80 c6 d6 5f 2c e8 32 7e 5e dd fd eb 25 ad 9e 59 04 87 80 7d 79 1f a5 75 53 69 ea f8 66 c1 1f dd eb ef 8f ca a0 9a cd 03 1d bf 28 e7 27 a0 cf af b5 5c 5d 89 6f 98 c1 4b 58 e2 40 c3 96 c6 0f 15 Data Ascii: tmlYpKxzjtv?0cOwwIX=FG})dC=1\NNsPN}9-`(=kG90{MXd}=iNc_7~^\^fpG1!g$T_,2~^%Y}yuSif('\]oKX@
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: cd 1c a1 cc 4e cf 9e f4 d3 2f cb 8a ae 65 ef 51 f9 a0 f5 cd 3b 09 c9 16 5a 53 4c 33 11 ce 6a af 9b f3 63 b5 35 d8 f3 eb 56 a0 4f 31 65 e5 ee 2a 27 97 3f 4a ae cc db 79 a6 b4 84 f0 3d 39 a7 ca 27 22 46 73 eb c9 a8 d9 f3 8f ad 46 c4 9e 3b 51 8f 6e 95 5b 12 39 98 9e 29 39 f5 14 d0 73 c8 f5 a4 19 ea 7b 53 b0 13 2b 62 8a 8d 4f cb 45 16 03 f3 22 ed 9a 0b 93 90 d8 3c fd 39 f4 ed 57 2c 75 79 62 70 09 c8 62 71 8f e6 7e 95 73 c4 3a 76 6e 1d e3 ce 17 fc f5 ff 00 1a c0 ba 81 e2 90 90 72 54 8c e3 df d7 9a f8 f7 14 f7 3e a2 12 67 48 f3 9b 98 cb 9e a0 0c 90 32 72 3f 9e 6a 94 cd 2c 6e 77 f4 ce 71 d4 f0 7f c2 93 48 94 88 b6 36 78 1d 01 e3 db eb 5b f1 5a 47 3c 60 3a 0d a7 a9 20 67 d7 15 cd 2b 23 a2 2a e2 78 62 66 9e e2 34 1c f6 c9 1d 09 c9 af 46 d3 ac 88 b1 53 83 bb 93 9c Data Ascii: N/eQ;ZSL3jc5VO1e'?Jy=9'"FsF;Qn[9)9s{S+bOE"<9W,uybpbq~s:vnrT>gH2r?j,nwqH6x[ZG<`: g+#xbf4FS
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: f9 14 84 8a 8f 3f ed 52 31 f9 ba d3 01 c5 89 a6 b3 0a 69 7c 77 a6 96 ed 4d 20 06 7a 42 69 ac 46 de bc d3 19 bb 0a a2 2e 3c 90 3a 50 18 0c e3 a9 ed 51 67 1c 83 42 92 1b ad 3b 05 c9 d5 be 6a 91 8e e1 8f 6a ae 09 2a 6a 55 38 fc a9 34 5a 33 75 58 88 6c f6 ef 5c a7 88 ed 83 5b b0 20 1f 4f a5 76 ba 82 6e 8f 81 5c fe b7 17 ee c8 23 a7 1f fd 7a 24 93 8e a2 8b b3 3c 5f 5c b6 1f 6a 96 02 31 82 71 f4 35 88 d1 28 93 69 8f 04 60 60 76 1e d8 ae bf c4 d0 88 ef dd f6 e0 73 9e e0 e4 d7 31 32 ee 90 ee e3 24 64 7a 7b fd 6b f3 cc d7 0f ec eb 33 ec 30 15 b9 a0 86 c2 40 5e 7e f0 e0 f1 9e 29 70 0a 7b f1 c1 ff 00 3d 29 61 19 6c 05 ea 78 fa d4 a5 09 ce 47 71 c7 5e 7f c7 eb 5e 33 3d 32 8c d0 17 e4 0f 7e 9d 08 e8 05 51 bb b4 0c b9 29 9e 70 0f bf d6 b6 b6 8e 84 13 ed f4 aa f3 c7 dc Data Ascii: ?R1i\|wM zBiF.<:PQgB;jj*jU84Z3uXl\[ Ovn\#z$<_\j1q5(i``vs12$dz{k30@^~)p{=)alxGq^^3=2~Q)p
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 53 48 c2 d3 b8 ac 46 40 0b ef 4c da 2a 75 18 c6 7a 52 30 1c 8a 61 62 0a 4e 31 c2 d4 a4 0e b4 d2 3e 6c f1 40 86 6d ea 71 45 38 83 cd 14 01 f9 81 a9 6a 0e ae cc ee 30 4f 1d 80 1e f9 a3 4d bc 88 c8 a4 f7 3e d8 c7 4f 5a c9 d7 24 13 ae d8 ba 64 92 38 3f 8f e3 55 f4 58 64 89 f7 6f 20 63 8f eb 8f 7a f8 55 15 63 ec 65 27 73 d3 34 9d 42 dd 1e 23 11 dc db b6 9f 9b 8f 5e 3d 78 af 48 f0 a5 dc 8f 1f 9c 9c b2 fa 1c 11 f8 fd 2b c5 fc 32 ea 6f 13 71 05 8b 01 80 38 04 9e 47 35 ed fe 07 86 dd f4 b0 0e d0 76 8c 90 7a 02 3d f8 ff 00 0a a8 ab 13 ab 29 78 b3 5d 96 d9 3e 57 93 39 3c 11 da b0 ec bc 43 23 c9 87 71 c1 fa 70 4f eb 5b 9e 3b b3 47 b5 61 b1 83 11 c1 cf 4f 6e 7a 75 ae 05 61 7b 6b 8f 9c e3 9e 3b 8e 2a a5 15 ca 38 bb 1e 8b a4 de 19 dc 17 e8 4e 32 4f 19 eb 5d 5e 99 2a 88 Data Ascii: SHF@LuzR0abN1>l@mqE8j0OM>OZ$d8?UXdo czUce's4B#^=xH+2oq8G5vz=)x]>W9<C#qpO[;GaOnzua{k;8N2O]^*
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 52 4b 12 79 ce 33 8f a7 4a d9 1a 47 83 ec e3 c4 3a 4d 8a 9d b8 0c 21 56 3c f3 c6 7e b5 dd 1c 7e 25 e9 19 3b 11 2c 54 e0 ec 9b 3c 7b 4b f0 1f c3 d8 61 f3 3f b3 c5 c0 56 21 4b 4a d2 64 03 cb 6d 07 d7 8c 77 af 41 f0 c8 82 cb 41 8e de c3 4f 96 37 91 78 55 80 e2 15 1d 37 36 39 20 57 51 6c fa 56 95 18 36 96 76 d1 48 41 db e5 c0 06 49 e4 9e 06 7d eb 36 e7 c4 32 b2 30 36 e0 ae 72 09 90 2e 4e 38 ce 7b fb d2 7e d6 4b df 9b 7f 37 fa 9c d5 31 15 2a 5e ee ff 00 32 b4 9a 9c 11 aa c7 0a 4d 19 5c 2e f9 a3 d8 58 1e b8 53 c6 3d ea ee 93 05 aa 24 86 29 52 49 26 05 b7 83 bb 24 f1 c6 3b 01 8e 3f c6 b2 2e af e7 9e 46 32 5c 2a a9 5c 1d b1 96 c6 7b 74 c1 14 cb 0b 95 b2 d8 6c ee 07 19 66 0c 08 49 47 af 39 da 47 b7 5a a8 d3 56 56 39 79 1b dc d3 67 4b 29 3c a9 d3 cc 62 d9 0e 8b 91 Data Ascii: RKy3JG:M!V<~~%;,T<{Ka?V!KJdmwAAO7xU769 WQlV6vHAI}6206r.N8{~K71^2M\.XS=$)RI&$;?.F2\\{tlfIG9GZVV9ygK)<b
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 6d c7 18 e3 04 8f f6 b1 c6 47 4a e6 6e 0f 01 22 77 da ab c9 3c 71 8e 46 07 ad 40 6c ae 1b fe 59 31 00 80 48 19 00 9e 9c ff 00 4a bf 6c d1 cb 5b 29 a1 3d 6c 7b 47 84 be 2b d9 9b 6b 78 2f ca c6 16 30 d2 48 58 ee b8 65 18 50 d8 18 19 c0 19 e3 8a ea 74 bf 1e 5d 98 5e 79 ec 21 78 8e 59 0d b5 dc 6e 0b 6e 18 66 3c 70 07 3d b9 fa 57 ce f7 fa 6d cd 96 97 6f 71 2c ab 8b a2 c1 62 53 f3 61 71 92 7b 63 27 1f 81 aa f0 5c cb 0b c6 d0 ca c8 62 39 8f 63 63 1e f4 46 a4 5e e7 99 57 87 e0 fe 09 58 fa f3 52 f1 77 87 62 b0 13 4b ab db 44 4a 80 10 38 f3 00 ee 5b a9 07 a8 c6 31 f9 f1 a5 63 e4 cb a2 c4 43 05 37 04 4a 10 12 5c a1 5c 82 c0 12 46 47 73 da be 53 d0 fc 43 74 7c ab 77 9e 56 60 e3 6f cd 82 3b 86 cf 39 c1 e7 04 11 5e df f0 eb e2 1d cd dd f0 d1 3c 46 fa 52 c8 21 1f 65 9a Data Ascii: mGJn"w<qF@lY1HJl[)=l{G+kx/0HXePt]^y!xYnnf<p=Wmoq,bSaq{c'\b9ccF^WXRwbKDJ8[1cC7J\\FGsSCt\|wV`o;9^<FR!e
2024-12-18 08:42:48 UTC	16069	IN	Data Raw: f2 cd 21 e0 67 d0 0e 07 1d e9 1c aa db c9 3b c9 1f d9 64 5c 67 71 d8 91 af 00 f3 f7 89 38 1c 0e 4d 52 91 3c ac 65 ac 83 8b 99 24 c8 7f f9 6d 34 7b b7 81 c1 65 8c 0e 72 7a 0e 9d 3a d5 b8 63 37 32 66 78 8c 48 a0 ca b0 4e c4 b1 1d 3c c9 db 38 51 e8 a3 af 02 ab a6 77 ac b2 c8 c1 a5 03 61 3f 2c 81 4e 48 55 e7 2b c7 3e bc f6 ab 31 79 7b 63 dc 84 09 9f f7 30 aa e5 ee 1f bb 31 3d 86 31 c9 c7 5a cd a0 d9 92 dd ee 16 a6 59 4e c8 94 16 67 9c ec 40 a3 90 4a af 3c e7 ee f5 35 59 5d 93 17 18 c4 72 a7 de 94 79 69 82 40 18 51 f3 31 f6 ab 68 f1 de 6d 90 6d b9 8a 17 c2 a2 fc ca 64 19 ce 1b f8 b0 7b d4 0a c6 0b a1 3b c8 0c 9b fc c9 ef 64 5d e4 12 08 09 12 77 3d b3 ff 00 eb ac 76 2c bd 6e 92 09 b7 c9 fb b9 11 41 67 60 01 5c 8e 08 07 85 07 df 9a 7c 7e 5c 2a f3 ac 84 49 20 25 Data Ascii: !g;d\gq8MR<e$m4{erz:c72fxHN<8Qwa?,NHU+>1y{c01=1ZYNg@J<5Y]ryi@Q1hmmd{;d]w=v,nAg`\\|~\*I %
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 9f e1 4d 13 2d 86 5a 1d 88 22 eb 81 c1 03 82 3f c6 a5 d4 4f 9b 6a 41 3b 7a e3 f2 aa ee 93 2f 00 60 03 c7 5f 4e 78 a6 ef 26 1e 53 80 0e 37 0c 7b 76 ad 16 e6 76 d0 f3 df 12 5b f9 77 8c b8 c6 0d 1a 1a ee 70 37 e2 b5 3c 5d 6e 0b 33 81 8e 71 83 f9 f6 ac 3d 31 c2 4d 83 c5 75 2b ca 99 c9 6b 48 ec ac e0 57 61 e9 c1 3c d6 f5 a4 71 c3 18 03 b6 40 35 83 e1 f9 95 94 77 6f a6 45 6d 22 b3 2e 00 e8 47 b0 c9 e3 23 e9 5c d2 dc e9 4f 42 c4 a7 62 64 75 c1 03 68 ee 78 aa b2 cb 9d d9 2d 80 73 d7 d2 ac 92 76 6d dd f2 e4 82 41 e7 81 8a 83 62 1c 0e a4 f4 3d c8 ff 00 11 52 34 55 9c ef 4f 94 8c 77 e3 a5 2e 97 67 2a f2 f9 39 ea 31 de ad f9 03 cc 24 71 81 93 dc 7e 15 24 01 c2 e0 70 47 51 ed 9e 94 ae 16 26 b5 8a 42 48 23 24 70 ca 06 3f cf f8 53 6e cb f9 83 6e 40 e0 67 a7 7e 82 96 31 Data Ascii: M-Z"?OjA;z/`_Nx&S7{vv[wp7<]n3q=1Mu+kHWa<q@5woEm".G#\OBbduhx-svmAb=R4UOw.g*91$q~$pGQ&BH#$p?Snn@g~1
2024-12-18 08:42:48 UTC	16384	IN	Data Raw: 4f bd 3e 6b 03 45 06 85 e6 61 fb af 95 41 c0 63 f2 8f 73 df 9a b1 0b b2 6d 48 15 49 73 8d d8 da aa a3 ae d1 83 92 4d 2c ab bb 04 80 a8 a3 0a 0f 03 20 63 f1 35 19 12 c7 fb c4 38 94 65 4b f4 55 04 63 8f ca ab 9a e4 d8 2e 10 db b6 d8 49 7b 89 9b 7b 4a dc 94 1d 02 a8 e9 9f 7a 5b 71 6b a7 58 4d 2b c9 b9 64 c7 9c c0 e5 a5 2a 3e ea e7 b0 eb 52 43 24 36 f6 b2 dd 30 de d2 9d ab c9 de d8 18 c6 7b 7a fd 31 55 6e 62 89 6d de ee e9 37 a8 02 38 e2 c6 32 c7 9d a3 db 3d ea a3 ab 18 b1 ca a6 6b 4b fd 41 49 6d bf e8 36 84 77 fe f7 e7 eb d2 a7 b4 b3 68 e1 22 43 99 a7 99 5a 56 18 c0 03 90 31 e8 09 fc 69 96 f1 3c 77 03 54 bb 75 6b a7 8c 88 a3 c7 fa b4 39 f9 b1 e9 81 8f c6 a4 46 6f b4 a5 b6 f0 ec 99 9a f2 42 40 0a a4 70 a3 3e e0 0f a5 54 ac c0 8d 48 9e de 56 1d 27 59 4e e0 79 Data Ascii: O>kEaAcsmHIsM, c58eKUc.I{{Jz[qkXM+d*>RC$60{z1Unbm782=kKAIm6wh"CZV1i<wTuk9FoB@p>THV'YNy

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:42:49 UTC	346	OUT	GET /th?id=OADD2.10239381054898_12P3U9MBIMBJZZ38P&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-18 08:42:50 UTC	852	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 803533 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: C05213D98A944187A3DA2F998A6DC76A Ref B: MIAEDGE2021 Ref C: 2024-12-18T08:42:49Z Date: Wed, 18 Dec 2024 08:42:49 GMT Connection: close
2024-12-18 08:42:50 UTC	15532	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 04 04 04 04 05 09 06 05 05 05 05 0b 08 08 06 09 0d 0b 0d 0d 0d 0b 0c 0c 0e 10 14 11 0e 0f 13 0f 0c 0c 12 18 12 13 15 16 17 17 17 0e 11 19 1b 19 16 1a 14 16 17 16 ff db 00 43 01 04 04 04 05 05 05 0a 06 06 0a 16 0f 0c 0f 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 ff c0 00 11 08 07 80 04 38 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFCC8"}!1AQa"q2
2024-12-18 08:42:50 UTC	16384	IN	Data Raw: 99 d0 71 d0 63 24 e7 9e d4 a0 f3 91 9e 4f 1e d5 8a 3c 55 e1 f7 72 82 f9 8b 06 da 54 42 77 02 3b 11 d8 f2 38 f4 35 5f 57 f1 96 99 a7 89 99 ad ae 9a 0b 5b 7f b4 dd 4e 59 51 61 8f b9 c1 eb 80 09 ed 52 f1 b8 65 f6 d7 de 54 72 fc 54 b4 54 df dc 74 25 87 60 33 e9 eb 4a 33 9e dd 7b 56 0e 9b e2 9b 0b d8 23 94 69 fa 94 5e 63 61 55 a1 1d f9 53 9e e0 82 0f b5 59 9f 5f b4 82 0b 89 ee ad 6e 2d 63 b5 ff 00 5c f3 b2 a2 a0 f5 3e bf 5a 3e bb 87 fe 74 1f d9 b8 ab db 91 9a 99 2f 90 49 e3 04 8c 74 a3 ee fc c4 82 d9 ff 00 3f 4a c7 b6 f1 0c 13 88 cc 16 57 33 09 80 78 1a 39 11 96 55 fe f0 23 a8 fe 75 16 b9 e2 dd 2f 44 8e 37 d5 60 b9 b6 33 48 22 85 4e dc ca e7 38 0a 3b 9a 5f 5f c3 7f 3a 1f f6 6e 29 b4 b9 1d cd dc e3 ae 7a f7 a0 8f 97 04 9c 77 3e 95 87 6d e2 9d 36 ee 0b 79 ac a0 Data Ascii: qc$O<UrTBw;85_W[NYQaReTrTTt%`3J3{V#i^caUSY_n-c\>Z>t/It?JW3x9U#u/D7`3H"N8;__:n)zw>m6y
2024-12-18 08:42:50 UTC	16384	IN	Data Raw: e5 82 44 c8 51 91 d0 13 c6 3a 13 59 39 34 6b 15 db f0 21 bd f0 94 d6 5a c6 a1 ac 78 76 f9 b4 dd 4e e6 25 b9 b8 8a 48 91 d6 f3 63 0d aa c8 46 71 9c 92 57 1d 0f a0 ab 9a 87 88 f5 8b 59 5b 4e bf d3 ac f5 05 8a 43 3f 9d 62 ac 25 2c 46 57 08 e7 63 03 ea 0f 15 5f 58 86 c3 48 b5 d3 fc 44 35 7b c8 23 be b4 46 59 ad 98 4d 24 88 4f cc 89 bb 39 ce 79 3d 85 42 da ae 9b a8 dc c9 a4 d8 19 6d ef 21 7d 96 b2 ba 7e e5 e4 3c 63 fb cc 47 53 c6 32 0d 27 38 ed 70 e5 6d 73 5a e6 7f 87 35 7f 0e 6a 3e 2f d4 2f 6d de 5b 2d 49 ad db ed 46 f2 cd bc c8 df 70 0d 89 00 2a 06 d0 bf 28 39 27 9e e6 b9 db 5d 77 4e 7f 15 db dc 69 9a dd b4 97 d6 d6 eb a7 5b 4a c5 54 bc 8c e4 e0 e7 81 b8 0e bc 63 8f 5a eb 6f 74 4b 3d 1e e6 eb 45 d0 da e2 6b fb 8f f4 bd 46 f2 79 31 8d 9f f2 d1 c6 7e 5d e5 b0 Data Ascii: DQ:Y94k!ZxvN%HcFqWY[NC?b%,FWc_XHD5{#FYM$O9y=Bm!}~<cGS2'8pmsZ5j>//m[-IFp*(9']wNi[JTcZotK=EkFy1~]
2024-12-18 08:42:50 UTC	16384	IN	Data Raw: da d4 eb d2 3b 1b 37 50 1d 46 f4 5a 59 14 8d 6d ae 16 34 46 60 b1 c2 ae 83 1b b3 c1 03 19 f7 ad 5d 07 c2 09 a7 f8 45 4c da ee ad 75 71 71 2e 27 99 ee 4a a3 a0 71 fe a4 27 f0 1d a7 93 ce 2b 08 c9 03 69 4c f2 45 1e a1 71 6c ae 52 d6 e0 8f 24 45 ce 19 ff 00 be d8 21 7b 01 8a 5d 2e fe f6 c3 c1 76 29 a7 68 0b 77 24 cb 77 76 d2 9b 9f 26 28 43 48 76 41 10 39 3d 87 cb c6 47 a5 12 97 74 09 3b 2b 3f c8 eb 34 d9 7e d3 a9 2c f1 05 2d 1c ef 77 2a 5c 8f 39 6d 54 28 44 09 bb a7 3c 8f 72 4f 61 51 de cf 7d 73 05 da 5d 46 aa d7 22 21 1c 86 42 cc f1 a3 b1 c1 cf 2c 5b 71 e3 81 d2 b1 f4 98 75 b8 75 1b 5d 61 ee 34 35 5b c4 64 b8 f2 33 77 e5 92 01 db 23 0c 79 67 04 f3 ce 30 2a d6 35 99 b5 45 86 eb 46 d1 ee 10 a6 c9 25 9e eb e5 04 7c de 60 50 0e 01 4e 31 9c e7 d2 b1 72 f5 2d 47 Data Ascii: ;7PFZYm4F`]ELuqq.'Jq'+iLEqlR$E!{].v)hw$wv&(CHvA9=Gt;+?4~,-w\9mT(D<rOaQ}s]F"!B,[quu]a45[d3w#yg05EF%\|`PN1r-G
2024-12-18 08:42:50 UTC	16384	IN	Data Raw: 53 5a ff 00 5f d6 fa 1e 5f a4 7c 16 d6 bc 39 e2 bb 7d 76 0b ab 54 b3 86 e1 e6 83 4f b9 85 be d1 e5 f3 b6 20 73 cb 00 48 c9 ec 3b d1 63 6d a9 58 c1 ad f8 7a f7 c2 e8 56 c7 48 6b 8b c7 ba 9b 7c 6c 1c 11 13 18 cf 27 a7 6e 85 6b ac d2 2f f5 7d 5b c5 be 22 b4 8e e6 69 13 49 68 ec f4 d0 ee 5a 38 0b 9c b9 2c 39 07 00 63 a9 07 35 7f 57 9e 0d 33 c6 47 47 94 ad c5 9d f6 99 7b 63 a7 c5 28 ff 00 48 92 44 4f 30 b9 ee ca 70 c3 07 91 c6 05 74 fb 65 51 ab f4 31 95 27 0b f7 df f5 fc 8c 7f 85 17 3a 6c bf 0c ec f4 7b fd 56 46 7b 68 cc 5b 6e 9f cb c0 5c 18 98 16 ea b9 ca 9f 4e 95 8b e3 3d 4e 4b 6f 1a 69 fa d2 f9 70 ae 8b 38 59 e7 92 55 31 4e b3 e0 32 ae 33 83 c0 c0 1c d5 0f 88 d6 16 76 d6 16 d7 76 f6 91 43 a7 ff 00 65 c7 20 b3 93 71 80 49 fc 4a e4 74 3b b0 47 73 92 2b 85 d3 Data Ascii: SZ__\|9}vTO sH;cmXzVHk\|l'nk/}["iIhZ8,9c5W3GG{c(HDO0pteQ1':l{VF{h[n\N=NKoip8YU1N23vvCe qIJt;Gs+
2024-12-18 08:42:50 UTC	16384	IN	Data Raw: 3e a4 fb 57 91 51 2a 9e f5 93 eb b5 ed fd 5c e8 72 70 9f 26 ab 65 be ee fe 9e 5d fa 1c 67 8f 1f c3 fa de 8a b6 fe 1b 9f 4d 92 ea 5b 88 e2 b8 4b 70 52 58 84 9f 2a 3b 67 05 46 09 39 e9 c5 37 e2 36 9f a7 e9 d6 b3 5e 5a 5f b2 69 b2 ed 5b 76 8a 72 c0 ce aa 30 9b 39 c1 60 09 18 e0 9c d5 ef 18 5a c5 1d 94 9a d4 5a 6b 5d 4b a8 c7 6f 1c ac 14 49 70 b1 8f 98 44 b9 fb d8 f9 b2 be d4 86 d7 45 9b 4e fb 6e 9d a0 0d 5a d7 55 74 65 9a 43 fe 8d 6e 55 be 55 db 90 63 2a 4f 4e 08 ad a1 14 9d ed ae 9f d7 50 e6 6a 2b 5d 35 ed e5 d7 4d ba 1e 27 a6 cb a9 e8 37 fa c7 8c 5a f6 14 9c 41 2d 9e ad a7 ab 06 fb 44 7f 7e 06 42 3a 82 18 fa 90 72 3d 6b 1f c6 3a 7d a6 a7 71 0e aa b7 b7 f7 d6 ba 8c 09 71 08 85 55 14 80 80 05 67 53 90 46 40 23 00 e5 4d 75 9e 27 bd 82 7f ed 93 63 15 a7 d9 56 Data Ascii: >WQ\rp&e]gM[KpRX;gF976^Z_i[vr09`ZZk]KoIpDENnZUteCnUUc*ONPj+]5M'7ZA-D~B:r=k:}qqUgSF@#Mu'cV
2024-12-18 08:42:50 UTC	16384	IN	Data Raw: c0 91 d1 cc 97 33 1c ca c4 0e e7 a0 00 0e 9e d5 c7 78 56 2d 52 c6 d3 53 9f c2 b7 ba 7e b5 6b a8 5f 07 cd d2 95 96 29 23 07 7a 44 83 0a ea d9 24 05 c7 7e b9 ad eb bf 10 e9 f1 eb 4d 01 49 8d b3 48 20 d4 35 5b 93 ba 31 2b 28 f9 53 1c 36 09 c3 63 85 19 cd 67 f8 a9 6d 5f 45 9a da d3 4c b3 b7 5b 55 31 c5 3b 8d a1 6e 56 45 55 2b 8f ba a4 10 43 0c 60 57 3f 3a 72 b2 7b 7f 5f 95 ff 00 cf 40 a7 ce a2 f9 95 f9 ad fd 77 df cd 79 ab 3b 18 3e 19 d1 06 af 6b e2 2b bb a9 6e 2e db fb 4e 39 cc d2 da 2a c7 6d 70 a3 04 c3 9c e5 42 fc ac 0f 4a e5 f5 bb a1 f6 cd 47 c1 5a 8d a4 7a 9e 8b 35 ec 7a 9c 77 51 4d 80 b8 19 dc 23 e8 c8 ac 02 94 e7 07 1e b5 ad a5 78 4a 0d 1f 5e d5 e3 8a f6 f2 58 6e 2d b3 aa 43 2d cc 88 a3 71 2c 24 51 9e 4b 15 6e 7f bb d7 a8 ac ed 48 59 24 d6 da 8c 50 af Data Ascii: 3xV-RS~k_)#zD$~MIH 5[1+(S6cgm_EL[U1;nVEU+C`W?:r{_@wy;>k+n.N9*mpBJGZz5zwQM#xJ^Xn-C-q,$QKnHY$P
2024-12-18 08:42:50 UTC	16065	IN	Data Raw: 2a 7d 1d ee ad be 20 5a c7 79 1c 28 c8 16 39 92 59 95 a3 70 b9 29 0e fe 32 c3 73 10 31 90 71 5d 3f 96 2f 6f ae 6e 3f 75 6f 1e 9e ec 96 36 ee 55 8e 1d 30 58 e3 a6 79 1b 4f 15 a4 1b 9c 5a f3 b7 eb e9 ff 00 04 9a 95 39 24 9b da d7 fd 2d df 7f 3b 58 f3 bd 79 23 37 3e 5e a1 a7 e9 f7 6b c8 8a 6b 36 db 24 bb 9b 3b d7 77 dd 3b b0 31 9c 60 67 bd 66 6b b6 3a 46 af f1 03 4e fb 54 ed 1d c4 76 fe 55 cc 37 01 7f d3 23 c7 cc a1 83 71 9d a0 38 ea c0 1f 53 5e 83 06 83 98 6e 6e c5 bd b3 59 af 96 b6 f6 d7 31 0e 5c 12 58 46 fd 78 3b 70 0f 53 f4 a8 f4 dd 07 4e d6 ef ae 35 81 0d ad c4 8b 30 47 33 5b 29 50 48 dc ea ab d8 a9 18 cf 5c 8a d2 9b d5 2b 6e 0e ac 52 6e fb 7f c0 fe bd 4e 63 5b 3a bd 8e 99 74 89 35 cd ae 9b 6c 23 0f 24 ee 7e ce 83 39 18 2c 70 14 76 1d 3a 57 1b a4 ac 9a Data Ascii: *} Zy(9Yp)2s1q]?/on?uo6U0XyOZ9$-;Xy#7>^kk6$;w;1`gfk:FNTvU7#q8S^nnY1\XFx;pSN50G3[)PH\+nRnNc[:t5l#$~9,pv:W
2024-12-18 08:42:50 UTC	16384	IN	Data Raw: 51 6c 12 a8 1f 72 55 f9 43 03 c9 1d 7a 0a d3 d1 ad 6d 6e 2d 92 e6 d6 f1 e5 b8 86 19 6d 27 51 21 f3 23 63 d9 81 e0 7d d1 8c f3 cd 73 3e 2a d6 b5 1d 0f e2 86 91 26 af 62 b1 d9 eb 9e 26 4b 43 2a 4f ba 36 8b ec 8d b1 1c 67 87 2c 41 63 d4 82 38 e9 5b 5a 4c 3a 3d 85 f4 22 e2 46 d3 8e 9d 72 d0 44 d2 ce 7c b9 9d 8f ee e3 67 fe 35 05 8e 03 72 31 ed 4e 49 a9 c5 b5 e5 ab 7d ff 00 e1 f4 ff 00 32 5f 33 82 d7 a2 7a 7a 5a db fc af 6f ca c5 78 e1 9a ef 59 d2 a0 3a 5e a0 ba 6c 90 5c 4a f7 09 13 a3 6f 0c aa 18 1e a0 f2 d8 1d 0f 5e 71 59 7f 0a e6 bd b9 d4 af 57 54 b1 ba 5d 46 d2 cf 7c 81 a1 db 21 5f b4 32 21 2b fc 44 aa e7 3d c8 cd 74 da 6e a1 74 97 77 5a 01 8d ae 04 bf 68 75 f3 a5 78 e4 88 a3 0c 47 c9 20 93 b8 e0 8c 0d a3 35 c8 fc 44 d7 9f 43 8a df 5f d4 34 1b 8b fb 5d 7a Data Ascii: QlrUCzmn-m'Q!#c}s>&b&KCO6g,Ac8[ZL:="FrD\|g5r1NI}2_3zzZoxY:^l\Jo^qYWT]F\|!_2!+D=tntwZhuxG 5DC_4]z
2024-12-18 08:42:50 UTC	16384	IN	Data Raw: 00 9d 9c 3a 5c 7d e8 df 27 0a bb d5 48 3d 30 b8 ef 59 5a 4e a1 79 a9 78 bb 56 f1 36 99 7d 67 0c 91 f8 67 ca 93 4c 87 12 35 c9 67 fd dd c4 83 ee f9 71 95 65 41 f7 b9 6e 80 d5 e5 b7 d4 f5 4b 6d 1f fb 75 d2 16 b5 b9 5b a1 25 a4 fb 96 7f 2a 6c 15 63 fc 44 05 50 df ef d6 37 8c 34 07 f1 3d be 86 da 4c 67 c3 9a 4d c6 b5 1d 96 b9 79 69 36 d9 a6 48 c9 31 5b a0 51 96 41 36 77 13 8d bc f5 e6 b3 a3 6e 66 d3 b6 97 fe bb 09 af 75 46 4e fd 2f d3 f3 d6 f6 e9 a9 06 b5 e1 9b 55 b6 f0 fd c4 f1 4b 73 6f a4 cf 0d c5 fa 17 09 fd a1 21 39 57 23 b6 00 fb a3 a9 03 a5 4b f1 ce d4 78 87 c5 97 57 b1 5a 5c 7d aa 28 22 b4 89 99 79 40 4f 2a ff 00 de 4c b6 7d b3 da ba bf 17 4d 74 d6 69 06 a1 04 7b 76 e1 26 56 11 bb 98 64 e1 b6 9e 38 1f 40 78 f5 ac 2b 6d 58 5d f8 97 4d d5 74 e8 24 9a c3 Data Ascii: :\}'H=0YZNyxV6}ggL5gqeAnKmu[%lcDP74=LgMyi6H1[QA6wnfuFN/UKso!9W#KxWZ\}("y@OL}Mti{v&Vd8@x+mX]Mt$

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:43:16 UTC	393	OUT	GET /weathermapdata/1/static/weather/Icons/MSIAWwA=/Alert/Alert_OT_B.svg HTTP/1.1 Accept: / UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: assets.msn.com Connection: Keep-Alive Cookie: _EDGE_V=1; MUID=26949C2B84536EAE0949892685346FA5; _C_ETH=1; _EDGE_S=SID=150A01BAABDC6E53064A14E3AA466F2C
2024-12-18 08:43:16 UTC	1063	IN	HTTP/1.1 200 OK Content-Type: image/svg+xml Last-Modified: Wed, 04 Sep 2024 02:00:36 GMT ETag: 0x8DCCC855E89DC54 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: c6efcee5-201e-0009-11a6-fe6326000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * Expires: Tue, 24 Dec 2024 16:00:13 GMT Date: Wed, 18 Dec 2024 08:43:16 GMT Content-Length: 624 Connection: close Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.206.196.165,b=2921511816,c=g,n=US_FL_MIAMI,o=20940] Server-Timing: clientrtt; dur=129, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.206.196.165 Akamai-Request-ID: ae22bb88 Cache-Control: public, max-age=2592000 Timing-Allow-Origin: * Akamai-GRN: 0.a5c4ce17.1734511396.ae22bb88 Vary: Origin
2024-12-18 08:43:16 UTC	624	IN	Data Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 37 32 22 20 68 65 69 67 68 74 3d 22 37 32 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 32 20 36 31 2e 31 36 31 22 20 73 74 72 6f 6b 65 3d 22 77 68 69 74 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 70 61 74 68 20 64 3d 22 4d 33 31 2e 33 35 36 20 39 2e 31 36 34 63 32 2e 34 33 38 2d 34 2e 30 33 32 20 38 2e 33 30 38 2d 33 2e 39 37 33 20 31 30 2e 36 36 35 2e 31 30 38 6c 32 34 2e 34 32 33 20 34 32 2e 33 30 39 63 32 2e 33 38 33 20 34 2e 31 32 39 2d 2e 35 39 37 20 39 2e 32 39 2d 35 2e 33 36 34 20 39 2e 32 39 48 31 31 2e 30 37 39 63 2d 34 2e 38 32 34 20 30 2d 37 2e 37 39 36 2d 35 2e 32 37 2d 35 2e 33 30 31 2d 39 2e 33 39 38 4c 33 31 2e 33 35 36 20 39 2e Data Ascii: <svg width="72" height="72" viewBox="0 0 72 61.161" stroke="white" xmlns="http://www.w3.org/2000/svg"><path d="M31.356 9.164c2.438-4.032 8.308-3.973 10.665.108l24.423 42.309c2.383 4.129-.597 9.29-5.364 9.29H11.079c-4.824 0-7.796-5.27-5.301-9.398L31.356 9.

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:43:41 UTC	674	OUT	GET / HTTP/1.1 Host: www.facebook.com Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-12-18 08:43:42 UTC	1120	IN	HTTP/1.1 302 Found Set-Cookie: fr=0sFGvNrnImvjgwTHy..BnYos9..AAA.0.0.BnYos9.AWVaK2N8u6A; expires=Tue, 18-Mar-2025 08:43:41 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=None Set-Cookie: ps_l=0; expires=Thu, 22-Jan-2026 08:43:41 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=Lax Set-Cookie: ps_n=0; expires=Thu, 22-Jan-2026 08:43:41 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=None Location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2F reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0" report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"} cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
2024-12-18 08:43:42 UTC	1834	IN	Data Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27 77 61 73 6d 2d 75 6e 73 61 66 65 2d 65 76 61 6c 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 67 6f Data Ascii: content-security-policy: default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.go
2024-12-18 08:43:42 UTC	1724	IN	Data Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 62 72 6f 77 73 69 6e 67 2d 74 6f 70 69 63 73 3d 28 73 65 6c 66 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), c

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:43:41 UTC	802	OUT	GET /mail HTTP/1.1 Host: mail.google.com Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKi1yQEIjbbJAQijtskBCKmdygEI6pHLAQiWocsBCIWgzQEI2/zNAQjlr84BCLm8zgEI377OAQjMv84BGPTJzQEYwa7OARidsc4BGJq8zgE= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-12-18 08:43:42 UTC	724	IN	HTTP/1.1 302 Found Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 18 Dec 2024 08:43:42 GMT Location: https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1# Content-Security-Policy: require-trusted-types-for 'script';report-uri https://mail.google.com/mail/cspreport X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: clear Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-18 08:43:42 UTC	423	IN	Data Raw: 31 39 62 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 21 2d 2d 20 47 53 45 20 44 65 66 61 75 6c 74 20 45 72 72 6f 72 20 2d 2d 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 53 65 72 76 69 63 65 4c 6f 67 69 6e 3f 73 65 72 76 69 63 65 3d 6d 61 69 6c 26 61 6d 70 3b 70 61 73 73 69 76 65 3d 74 72 75 Data Ascii: 19b<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000">... GSE Default Error --><H1>Moved Temporarily</H1>The document has moved <A HREF="https://accounts.google.com/ServiceLogin?service=mail&passive=tru

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:43:42 UTC	801	OUT	GET /login/?next=https%3A%2F%2Fwww.facebook.com%2F HTTP/1.1 Host: www.facebook.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: fr=0sFGvNrnImvjgwTHy..BnYos9..AAA.0.0.BnYos9.AWVaK2N8u6A; ps_l=0; ps_n=0
2024-12-18 08:43:42 UTC	1562	IN	HTTP/1.1 200 OK Vary: Accept-Encoding Set-Cookie: datr=PotiZ_Y5zKZTtYSUIPnQNfBK; expires=Thu, 22-Jan-2026 08:43:42 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=None Set-Cookie: fr=0sFGvNrnImvjgwTHy..BnYos9..AAA.0.0.BnYos-.AWU2s3-jLLE; expires=Tue, 18-Mar-2025 08:43:42 GMT; Max-Age=7776000; path=/; domain=.facebook.com; secure; httponly; SameSite=None Set-Cookie: ps_l=1; expires=Thu, 22-Jan-2026 08:43:42 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=Lax Set-Cookie: ps_n=1; expires=Thu, 22-Jan-2026 08:43:42 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=None Set-Cookie: sb=PotiZ4PvEOyyrZBMn_X31T1T; expires=Thu, 22-Jan-2026 08:43:42 GMT; Max-Age=34560000; path=/; domain=.facebook.com; secure; httponly; SameSite=None reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7449669834120990235", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7449669834120990235"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
2024-12-18 08:43:42 UTC	1834	IN	Data Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 73 65 6c 66 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 66 62 73 62 78 2e 63 6f 6d 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 3b 73 63 72 69 70 74 2d 73 72 63 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 62 63 64 6e 2e 6e 65 74 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 31 32 37 2e 30 2e 30 2e 31 3a 2a 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 62 6c 6f 62 3a 20 64 61 74 61 3a 20 27 73 65 6c 66 27 20 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27 77 61 73 6d 2d 75 6e 73 61 66 65 2d 65 76 61 6c 27 20 68 74 74 70 73 3a 2f 2f 2a 2e 67 6f Data Ascii: content-security-policy: default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.go
2024-12-18 08:43:42 UTC	1701	IN	Data Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 62 72 6f 77 73 69 6e 67 2d 74 6f 70 69 63 73 3d 28 73 65 6c 66 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), c
2024-12-18 08:43:42 UTC	1500	IN	Data Raw: 61 61 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 6f 72 69 67 69 6e 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 7a 68 52 38 73 57 70 78 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b Data Ascii: aad<!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="origin-when-crossorigin" id="meta_referrer" /><script nonce="zhR8sWpx">function envFlush(a){function b(b){for(var c in a)b[c]=a[
2024-12-18 08:43:42 UTC	1240	IN	Data Raw: 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 65 72 72 6f 72 22 2c 65 29 7d 3b 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 65 29 3b 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 65 72 72 6f 72 22 2c 65 29 7d 7d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 41 72 72 61 79 2e 66 72 6f 6d 28 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 27 73 63 72 69 70 74 2c 6c 69 6e 6b 5b 64 61 74 61 2d 61 73 79 6e 63 2d 63 73 73 3d 22 31 22 5d 27 29 29 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 64 64 4c 6f 61 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 28 61 29 7d 29 3b 76 61 72 20 61 3d 6e 65 77 20 4d 75 74 61 74 69 6f 6e 4f 62 73 65 72 76 65 72 28 66 75 6e 63 74 Data Ascii: entListener("error",e)};a.addEventListener("load",e);a.addEventListener("error",e)}}(function(){Array.from(document.querySelectorAll('script,link[data-async-css="1"]')).forEach(function(a){return addLoadEventListeners(a)});var a=new MutationObserver(funct
2024-12-18 08:43:42 UTC	1500	IN	Data Raw: 38 34 64 63 0d 0a 63 61 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 6c 6f 67 69 6e 2f 77 65 62 2f 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 79 78 2f 72 2f 65 39 73 71 72 38 57 6e 6b 43 66 2e 69 63 6f 22 20 2f 3e 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 78 78 2e 66 62 63 64 6e 2e 6e 65 74 2f 72 73 72 63 2e 70 68 70 2f 76 35 2f 79 68 2f 6c 2f 30 2c 63 72 6f 73 73 2f 46 33 55 66 68 4c 46 68 61 6f 35 2e 63 73 73 22 20 Data Ascii: 84dccal" href="https://www.facebook.com/login/web/" /><link rel="icon" href="https://static.xx.fbcdn.net/rsrc.php/yx/r/e9sqr8WnkCf.ico" /><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v5/yh/l/0,cross/F3UfhLFhao5.css"
2024-12-18 08:43:42 UTC	1500	IN	Data Raw: 30 38 30 22 2c 5b 22 75 6e 65 78 70 65 63 74 65 64 55 73 65 49 6e 43 6f 6d 65 74 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 75 6e 65 78 70 65 63 74 65 64 55 73 65 49 6e 43 6f 6d 65 74 22 2c 6e 75 6c 6c 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 31 32 36 22 2c 5b 22 54 69 6d 65 53 6c 69 63 65 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 54 69 6d 65 53 6c 69 63 65 49 6d 70 6c 22 2c 6e 75 6c 6c 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 33 37 32 35 22 2c 5b 22 63 6c 65 61 72 54 69 6d 65 6f 75 74 57 57 57 4f 72 4d 6f 62 69 6c 65 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 63 6c 65 61 72 54 69 6d 65 6f 75 74 57 57 57 4f 72 4d 6f 62 69 6c 65 22 2c 6e 75 6c 6c 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 34 33 34 34 22 2c 5b 22 73 65 74 54 69 6d 65 6f 75 74 57 57 57 4f 72 4d 6f 62 69 Data Ascii: 080",["unexpectedUseInComet"],{"__rc":["unexpectedUseInComet",null]},-1],["cr:1126",["TimeSliceImpl"],{"__rc":["TimeSliceImpl",null]},-1],["cr:3725",["clearTimeoutWWWOrMobile"],{"__rc":["clearTimeoutWWWOrMobile",null]},-1],["cr:4344",["setTimeoutWWWOrMobi
2024-12-18 08:43:42 UTC	1500	IN	Data Raw: 74 6c 6f 61 64 73 22 3a 66 61 6c 73 65 2c 22 6a 73 52 65 74 72 69 65 73 22 3a 5b 32 30 30 2c 35 30 30 5d 2c 22 6a 73 52 65 74 72 79 41 62 6f 72 74 4e 75 6d 22 3a 32 2c 22 6a 73 52 65 74 72 79 41 62 6f 72 74 54 69 6d 65 22 3a 35 2c 22 73 69 6c 65 6e 74 44 75 70 73 22 3a 66 61 6c 73 65 2c 22 74 69 6d 65 6f 75 74 22 3a 36 30 30 30 30 2c 22 74 69 65 72 65 64 4c 6f 61 64 69 6e 67 46 72 6f 6d 54 69 65 72 22 3a 31 30 30 2c 22 68 79 70 53 74 65 70 34 22 3a 66 61 6c 73 65 2c 22 70 68 64 4f 6e 22 3a 66 61 6c 73 65 2c 22 70 68 64 53 65 70 61 72 61 74 65 42 69 74 6d 61 70 73 22 3a 66 61 6c 73 65 2c 22 62 74 43 75 74 6f 66 66 49 6e 64 65 78 22 3a 31 38 39 36 2c 22 66 61 73 74 50 61 74 68 46 6f 72 41 6c 72 65 61 64 79 52 65 71 75 69 72 65 64 22 3a 74 72 75 65 2c 22 65 Data Ascii: tloads":false,"jsRetries":[200,500],"jsRetryAbortNum":2,"jsRetryAbortTime":5,"silentDups":false,"timeout":60000,"tieredLoadingFromTier":100,"hypStep4":false,"phdOn":false,"phdSeparateBitmaps":false,"btCutoffIndex":1896,"fastPathForAlreadyRequired":true,"e
2024-12-18 08:43:42 UTC	1500	IN	Data Raw: 53 45 52 22 3a 66 61 6c 73 65 2c 22 41 50 50 5f 49 44 22 3a 22 32 35 36 32 38 31 30 34 30 35 35 38 22 2c 22 49 53 5f 42 55 53 49 4e 45 53 53 5f 44 4f 4d 41 49 4e 22 3a 66 61 6c 73 65 7d 2c 32 37 30 5d 2c 5b 22 4c 53 44 22 2c 5b 5d 2c 7b 22 74 6f 6b 65 6e 22 3a 22 41 56 6f 34 64 54 30 4e 4a 7a 45 22 7d 2c 33 32 33 5d 2c 5b 22 53 65 72 76 65 72 4e 6f 6e 63 65 22 2c 5b 5d 2c 7b 22 53 65 72 76 65 72 4e 6f 6e 63 65 22 3a 22 56 4b 61 48 6d 59 4d 67 53 61 77 69 50 38 4a 57 46 57 43 73 42 57 22 7d 2c 31 34 31 5d 2c 5b 22 53 69 74 65 44 61 74 61 22 2c 5b 5d 2c 7b 22 73 65 72 76 65 72 5f 72 65 76 69 73 69 6f 6e 22 3a 31 30 31 38 39 35 39 33 38 33 2c 22 63 6c 69 65 6e 74 5f 72 65 76 69 73 69 6f 6e 22 3a 31 30 31 38 39 35 39 33 38 33 2c 22 70 75 73 68 5f 70 68 61 73 Data Ascii: SER":false,"APP_ID":"256281040558","IS_BUSINESS_DOMAIN":false},270],["LSD",[],{"token":"AVo4dT0NJzE"},323],["ServerNonce",[],{"ServerNonce":"VKaHmYMgSawiP8JWFWCsBW"},141],["SiteData",[],{"server_revision":1018959383,"client_revision":1018959383,"push_phas
2024-12-18 08:43:42 UTC	1500	IN	Data Raw: 65 45 78 70 61 6e 64 6f 22 3a 74 72 75 65 7d 2c 32 39 31 35 5d 2c 5b 22 43 6f 6f 6b 69 65 43 6f 72 65 4c 6f 67 67 69 6e 67 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 6d 61 78 69 6d 75 6d 49 67 6e 6f 72 61 62 6c 65 53 74 61 6c 6c 4d 73 22 3a 31 36 2e 36 37 2c 22 73 61 6d 70 6c 65 52 61 74 65 22 3a 39 2e 37 65 2d 35 2c 22 73 61 6d 70 6c 65 52 61 74 65 43 6c 61 73 73 69 63 22 3a 31 2e 30 65 2d 31 30 2c 22 73 61 6d 70 6c 65 52 61 74 65 46 61 73 74 53 74 61 6c 65 22 3a 31 2e 30 65 2d 38 7d 2c 33 34 30 31 5d 2c 5b 22 49 6d 6d 65 64 69 61 74 65 49 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 45 78 70 65 72 69 6d 65 6e 74 73 22 2c 5b 5d 2c 7b 22 70 72 65 66 65 72 5f 6d 65 73 73 61 67 65 5f 63 68 61 6e 6e 65 6c 22 3a 74 72 75 65 7d 2c 33 34 31 39 5d 2c 5b 22 55 72 69 4e 65 Data Ascii: eExpando":true},2915],["CookieCoreLoggingConfig",[],{"maximumIgnorableStallMs":16.67,"sampleRate":9.7e-5,"sampleRateClassic":1.0e-10,"sampleRateFastStale":1.0e-8},3401],["ImmediateImplementationExperiments",[],{"prefer_message_channel":true},3419],["UriNe
2024-12-18 08:43:42 UTC	1500	IN	Data Raw: 69 63 73 5f 6c 65 67 61 63 79 5f 69 6d 67 22 2c 22 67 6f 6f 67 6c 65 5f 75 6e 69 76 65 72 73 61 6c 5f 61 6e 61 6c 79 74 69 63 73 5f 6c 65 67 61 63 79 5f 73 63 72 69 70 74 22 2c 22 6a 69 6f 22 2c 22 6c 69 6e 6b 65 64 69 6e 5f 69 6e 73 69 67 68 74 22 2c 22 6c 69 6e 6b 65 64 69 6e 5f 69 6e 73 69 67 68 74 5f 69 6d 67 22 2c 22 6d 61 70 62 6f 78 5f 6d 61 70 73 5f 61 70 69 22 2c 22 6d 65 64 61 6c 6c 69 61 5f 64 69 67 69 74 61 6c 5f 65 78 70 65 72 69 65 6e 63 65 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 6d 69 63 72 6f 73 6f 66 74 5f 65 78 63 68 61 6e 67 65 22 2c 22 6e 79 74 69 6d 65 73 5f 6f 65 6d 62 65 64 22 2c 22 72 65 61 63 68 74 68 65 77 6f 72 6c 64 5f 73 33 22 2c 22 73 6f 75 6e 64 63 6c 6f 75 64 5f 6f 65 6d 62 65 64 22 2c 22 73 70 6f 74 69 66 79 5f 6f 65 6d 62 Data Ascii: ics_legacy_img","google_universal_analytics_legacy_script","jio","linkedin_insight","linkedin_insight_img","mapbox_maps_api","medallia_digital_experience_analytics","microsoft_exchange","nytimes_oembed","reachtheworld_s3","soundcloud_oembed","spotify_oemb

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:43:42 UTC	775	OUT	GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKi1yQEIjbbJAQijtskBCKmdygEI6pHLAQiWocsBCIWgzQEI2/zNAQjlr84BCLm8zgEI377OAQjMv84BGPTJzQEYwa7OARidsc4BGJq8zgE= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-12-18 08:43:42 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/png Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 3170 Date: Wed, 18 Dec 2024 08:43:42 GMT Expires: Wed, 18 Dec 2024 08:43:42 GMT Cache-Control: private, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-18 08:43:42 UTC	584	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 96 00 00 00 36 08 06 00 00 00 25 1d 60 0c 00 00 0c 29 49 44 41 54 78 da ed 5d 0b 70 54 d5 19 3e 98 6c 00 1f 88 da 97 b5 82 62 ad 14 28 48 76 37 20 44 37 f7 6e 08 38 83 a2 a5 b4 56 ab a5 48 5f 82 52 3b 53 1f 68 59 60 77 13 28 b6 d5 2a b6 4e 5f 52 ab 22 30 60 a9 2d e6 41 a9 1d 7c b4 2a 4e c5 fa 60 b0 a8 80 ec 6e 02 84 7b ef 26 90 84 6c ff 6f e0 0e 3b 9b ff de bd 8f 84 61 9a f3 cd 9c d9 64 ef dd 24 e7 f0 9d ff f1 fd ff b9 08 09 09 09 89 fe 89 e9 b1 dc e9 4a 9d 31 ae 2a 91 9d a1 d4 1a 37 2b 09 63 8e 9a d4 6f a0 a1 54 2f cf 7e 56 e4 72 03 84 84 84 13 44 eb da 47 a8 49 63 11 91 e7 e5 aa b8 d6 45 5f e7 ac 46 55 52 db a3 26 f4 df 55 25 8c a9 b1 58 ee 34 21 21 51 88 48 22 3b 91 c8 f4 1c 08 e3 65 28 49 63 07 Data Ascii: PNGIHDR6%`)IDATx]pT>lb(Hv7 D7n8VH_R;ShY`w(N_R"0`-A\|N`n{&lo;ad$J1*7+coT/~VrDGIcE_FUR&U%X4!!QH";e(Ic
2024-12-18 08:43:42 UTC	1255	IN	Data Raw: 3a 9b 02 75 78 c5 f7 87 37 97 5d 86 eb c2 27 90 d0 28 71 ed aa aa 84 7e 07 e9 86 09 f2 0e 4b 51 c8 57 e2 ad 97 9c 2c 62 b5 d6 4c 3c b7 59 09 5d 9b 56 2b ee ca a8 a1 ba 74 34 bc 24 a3 56 dc ba 4f 09 8f f6 bd 8e 44 a2 35 0c b1 76 9e 6a 81 f6 ae 48 64 10 4d fc f6 b4 12 7a 9b 88 94 b3 1a b8 9e 56 83 f3 71 bf 70 89 ee 97 c4 e0 8e c6 d2 3b 3a 1b 4a de 25 32 e5 ac 47 c9 3b b8 2f b7 45 0c f2 e2 21 88 48 cb 20 df d8 08 c8 2f 44 6b db ae 38 9e 54 fd 99 be 7f 2b 7f f8 25 56 73 34 14 ce 44 43 1b 52 d1 60 a7 f5 5a 06 df c2 e6 05 c1 bc 0a a2 1f 30 13 5b 29 4e 21 a4 ab 83 95 19 25 fc 3e 26 ec 62 ec 24 92 4d 12 0e d1 d1 50 1a 21 c2 fc 97 21 92 1d c1 de 27 4b 76 a5 e3 b5 4e 64 af a1 b5 6d 76 52 fa 3a 96 4c e9 0b e8 eb 77 0b af 79 25 d6 8e 69 9f 1f 48 eb f2 b0 bb 75 0c d5 Data Ascii: :ux7]'(q~KQW,bL<Y]V+t4$VOD5vjHdMzVqp;:J%2G;/E!H /Dk8T+%Vs4DCR`Z0[)N!%>&b$MP!!'KvNdmvR:Lwy%iHu
2024-12-18 08:43:42 UTC	1255	IN	Data Raw: e2 16 73 bd 7d 41 a9 cd 5e 6b a1 2d fd 0d 7e be 97 dd e0 62 a6 99 70 2f 7e 4f 5e 26 93 61 26 ec e2 d8 18 32 cb d0 18 66 b7 a6 f2 2c 56 4b 21 29 0e 37 94 5d 2a 5c 00 ae 93 21 56 26 cf 8d 1d ec 69 99 b5 2f bb 23 96 f6 b8 57 62 ed 8b 4c b8 c8 19 99 82 6d 14 3b fd 1a 44 14 bd 09 98 6d 2b dd 84 32 9b 07 3d 15 a4 f9 5a 59 05 d7 53 0f b2 89 3c 90 99 fe 47 e1 e4 a9 70 fa 1d 77 c1 7b 68 1e 53 9a f8 7b 9e 5c b0 95 21 c5 5c 97 c1 fb 3c 46 ae 78 21 af 8c f3 72 cf 8c 5b 5b e1 e6 df 05 87 7d fd 04 ef 20 8d 75 55 22 f8 1e 65 e0 0b 5a 2b 2b cf 11 7d 05 a8 be f8 47 b7 22 97 5f cb 45 2e 20 c4 49 1b 90 1f 0a 4f fc 20 1d 66 74 a8 6d d0 57 44 31 98 0b aa 86 b7 73 e2 aa 79 0f 91 a0 b6 07 29 1a 4a 5e 77 fc 3b 20 94 36 95 6c 67 84 d2 a5 76 f1 11 ba 72 d1 32 23 1c 00 ad 4b 7d 21 Data Ascii: s}A^k-~bp/~O^&a&2f,VK!)7]*\!V&i/#WbLm;Dm+2=ZYS<Gpw{hS{\!\<Fx!r[[} uU"eZ++}G"_E. IO ftmWD1sy)J^w; 6lgvr2#K}!
2024-12-18 08:43:42 UTC	76	IN	Data Raw: 25 14 54 77 f9 54 45 09 c7 c0 b3 31 f0 04 69 9c 1e e7 ca 39 c7 1e dd 99 bd 0e 81 bc 90 90 f0 02 94 bd a8 07 eb 02 fc 57 7c f8 5a 48 48 48 48 48 48 48 48 48 48 10 fe 07 d8 95 18 53 b9 4a 7f b2 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: %TwTE1i9W\|ZHHHHHHHHHHSJIENDB`

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:43:42 UTC	739	OUT	GET /images/errors/robot.png HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKi1yQEIjbbJAQijtskBCKmdygEI6pHLAQiWocsBCIWgzQEI2/zNAQjlr84BCLm8zgEI377OAQjMv84BGPTJzQEYwa7OARidsc4BGJq8zgE= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-12-18 08:43:42 UTC	683	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 6327 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 11:06:42 GMT Expires: Fri, 12 Dec 2025 11:06:42 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/png Age: 509820 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-18 08:43:42 UTC	572	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ab 00 00 00 d5 08 03 00 00 00 1f 1e f0 9a 00 00 00 57 50 4c 54 45 9d c7 ed 7a b3 e7 7a b3 e8 d4 e6 f7 9e c7 ee 32 8a db bb d8 f3 ba d8 f3 bb d8 f4 57 9f e1 7b b3 e8 56 9e e1 d4 e6 f8 d3 e6 f7 7a b2 e7 e9 f3 fb 32 89 da 33 8a db ea f3 fc 56 9f e1 32 8a da 9d c6 ed 9e c7 ed d3 e5 f7 ba d7 f3 e9 f2 fb ea f3 fb 57 9f e2 ff ff ff 3e 60 10 a0 00 00 00 1d 74 52 4e 53 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 59 86 e7 6a 00 00 17 f2 49 44 41 54 78 01 b5 c1 07 42 63 49 0c 40 41 a9 73 ff e4 48 58 e9 dd ff 9c 6b c3 30 63 1b 93 0c 54 09 3f 6e c5 2f 11 7e d6 14 97 1e 62 8c fc 02 e1 47 4d de 47 75 cf 63 e4 e7 09 3f aa 7b 35 88 35 b8 cc fc 34 e1 27 15 6f 3c 93 1c f8 69 Data Ascii: PNGIHDRWPLTEzz2W{Vz23V2W>`tRNSYjIDATxBcI@AsHXk0cT?n/~bGMGuc?{554'o<i
2024-12-18 08:43:42 UTC	1255	IN	Data Raw: 11 6e 52 86 2d e7 ac 2e 41 5b 35 9e 19 e7 ac f5 ac 7c 8f 70 13 0b c6 2b 76 17 d4 eb 64 5c 65 c5 fb 5d 59 71 3b e1 26 71 30 ae d9 46 ed 63 b0 89 ab ea ce 83 70 33 e1 26 f3 60 1c 95 21 71 ce 98 ef 7d d0 b4 e5 0a 6b a3 67 35 6e 23 dc a4 0c 1c 89 8f 8d d7 a6 e9 4e 47 2d c6 b9 39 0e ee d9 43 9c 8d 5b 08 37 a9 6e c0 76 ed c6 75 d1 ee dc 93 f1 cf ac bd 7b 6f 15 43 26 6e 21 dc a4 28 10 47 37 de b6 4a 41 cb 96 27 36 a7 9e 7b 28 3c b9 9b b9 85 70 93 e8 06 c3 3a f1 be e6 21 3d 80 d5 bb 31 87 66 fc 11 22 b7 10 6e f2 38 02 da 8d 0f c4 a2 7e 6f b3 bb 4e fc 33 6c b9 85 70 13 5b 0c a6 c4 c1 2a 0a ef 89 da 93 18 a7 a4 72 0b e1 36 8b f1 ac 7a de 14 ae 28 91 67 31 71 41 85 5b 08 9f 11 8b 71 c6 76 2b 9e d8 26 e7 1c b8 42 7b e1 49 8b 5c f0 ca 2d 84 0f c5 ba f4 ec 89 53 d1 79 Data Ascii: nR-.A[5\|p+vd\e]Yq;&q0Fcp3&`!q}kg5n#NG-9C[7nvu{oC&n!(G7JA'6{(<p:!=1f"n8~oN3lp[*r6z(g1qA[qv+&B{I\-Sy
2024-12-18 08:43:42 UTC	1255	IN	Data Raw: fa 8a a3 c9 7d ad 6d c5 cd 64 35 36 58 95 be f6 02 58 1f d7 be c9 5d c7 fb 29 ce 5c 9a b4 72 60 3e 43 0b 22 c6 91 f1 57 ea 1c a5 75 c4 9a ef 17 0e ac af 40 3c 78 d7 89 ef 10 d2 66 f1 83 c2 33 2b ee ae 52 41 95 4b 83 70 54 dd 00 2b 4b a8 11 88 b5 18 cf 24 a7 06 88 37 c0 92 7b 02 bb 2f 21 7b d0 64 7c 8f 40 1b 54 92 f1 c2 5c cc 38 08 9b c8 39 51 9e 3c f4 c8 93 3a c8 10 01 6b a9 ce 1c b5 b0 ee 72 37 ac 9d 27 55 35 2e ee 9e c7 c2 b7 09 97 6c 14 8e da b8 8e 9c f3 c8 93 3a ae f8 63 25 9e a6 08 58 92 66 1c 88 f7 b0 ce 81 17 83 97 b8 2d e3 4e 2b df 24 bc 12 1c 98 87 b1 49 af 9c 6a c1 78 52 7c e6 2f 4b c9 5b 04 ac 4a 33 0e 66 2b 2b e3 85 19 47 c9 5d 65 c5 77 08 af 94 75 b8 0b 7e 6f d8 38 18 27 a6 60 3c b1 fe c8 a9 32 a8 44 0e 66 95 64 5c 67 ea 1e 64 65 dc 4c 78 25 Data Ascii: }md56XX])\r`>C"Wu@<xf3+RAKpT+K$7{/!{d\|@T\89Q<:kr7'U5.l:c%Xf-N+$IjxR\|/K[J3f++G]ewu~o8'`<2Dfd\gdeLx%
2024-12-18 08:43:42 UTC	1255	IN	Data Raw: 62 98 6a 15 57 ed a9 72 6e b9 07 bb 1b 85 cf 4a 59 38 b5 ed 5a f9 22 e1 6d 5a c0 d2 04 8f 83 36 4e ad b4 61 62 3e f0 59 73 1e 38 65 ae 95 ab ac 81 14 ae 10 de f4 28 40 12 8e a4 47 4e 6c 7b 81 ba 5b 37 3e 2b 65 e5 94 75 9f 78 a5 c8 b2 78 ef eb a0 89 d7 84 b7 14 35 88 81 a3 39 2d ca a9 ee 77 b0 35 3e 2d 6d 06 4e 59 e8 95 0b 26 b1 b4 87 28 2e 61 f4 5e 8d 0b c2 5b 42 05 0b 8d 83 98 60 59 38 a1 77 3d 58 e4 f3 ea 46 39 15 77 22 5c 48 c2 81 e8 0a ac a8 0f 93 71 46 78 43 4a 80 08 07 31 19 d8 6e e2 cc e0 1e 96 62 7c 92 2e 9c 9a bd 09 17 82 01 75 89 3c 31 cd 59 ea 8a 7f 84 37 2c 06 72 cf 41 0c 06 ac ba 70 2e a6 3c f6 de 66 3e 45 02 a7 cc 35 71 4e 02 60 de 78 16 07 09 de 77 8d bf 84 ab 4c 12 4c 81 83 79 98 81 59 bb 73 c9 26 f1 ec a1 f1 09 ad 1b a7 92 0f 9c b1 2e 40 Data Ascii: bjWrnJY8Z"mZ6Nab>Ys8e(@GNl{[7>+euxx59-w5>-mNY&(.a^[B`Y8w=XF9w"\HqFxCJ1nb\|.u<1Y7,rAp.<f>E5qN`xwLLyYs&.@
2024-12-18 08:43:42 UTC	1255	IN	Data Raw: cc 53 d4 c5 b8 d9 56 bd 00 a6 11 cd 09 e1 16 db 87 58 ef aa 26 4d a9 36 5e 6b ca 51 1c ca 9c bc 18 b7 d1 9c 47 8e b6 82 86 82 f0 09 f6 24 9a 4d ad b6 52 e7 b0 73 f7 5d 08 4b 08 cb 18 78 4d 0a cf ee 74 15 83 17 6e 22 d2 b2 cb 04 d4 fb 5d 04 e1 63 31 b8 8f be d9 f5 9e 77 79 dc f4 3e 96 56 cd 78 a6 c6 2b de f8 a3 0d 85 e2 89 b7 d8 5c 5b 0d c6 1b 26 f5 6e 60 21 00 c2 c7 aa 1c 34 a9 e9 2e 96 b8 32 8b 9c 12 e5 15 1d 42 35 9e 3c 2c 85 e8 1e b9 aa 04 ef a3 0e a3 ac 88 a9 18 57 68 00 1b 27 40 f8 98 36 de f1 b8 8b 9c 8b d4 14 55 4b 35 0e 26 55 48 e3 c4 6b 0f 7d bd 9b 38 b0 e0 c1 3d 8f 33 57 34 cc 03 07 c2 c7 24 f1 9e 9e 38 b7 88 45 63 56 f5 c8 51 ea 11 f1 c8 2b fd de f8 63 9b 0a b2 ee 91 6b d4 57 1c 08 1f 6b 03 ef d1 c0 b9 b4 f3 c7 15 07 29 84 c8 41 0a 86 0c 91 0b Data Ascii: SVX&M6^kQG$MRs]KxMtn"]c1wy>Vx+\[&n`!4.2B5<,Wh'@6UK5&UHk}8=3W4$8EcVQ+ckWk)A
2024-12-18 08:43:42 UTC	735	IN	Data Raw: f6 1f 17 da de 27 3e b2 d2 34 8d c1 38 33 e6 b8 8c 33 ff 58 4c 21 78 16 18 1e b9 a2 54 3e 20 3c 8b 55 42 ef 3e 04 d7 94 ee 6b ac 33 07 2d 7b e1 23 b6 93 79 cc 0b 67 5a 5e 4a 4e 9c 6a 11 1e 1e fb 50 d3 3d af dd 69 9f 78 9f f0 97 59 2c 41 24 f9 e8 63 ef 3e a8 6e f2 f0 c0 87 cc c5 3c 67 e5 84 8d b9 ac 03 67 92 71 74 97 83 71 e9 3f 11 c6 c8 fb 84 57 fe 33 8b e5 2e 2d be c9 99 4f 28 9e d8 f6 4d 16 59 5a e4 d9 fd fe 7e 70 e3 94 25 90 0a b4 61 98 b8 60 43 5c b9 f1 3e e1 4d 16 aa f1 09 b3 37 a0 ed f3 66 9d fb 98 26 c0 36 3a f9 c0 99 5a e1 2e 72 f0 e0 ce 85 34 d0 76 5b de 27 7c 8d 19 97 cc 03 07 61 af 36 ac b3 bb 34 0b 6e 43 9f 38 65 12 21 45 8e 52 96 c2 a9 b8 17 aa 2f d2 62 ac c5 e6 66 5c 23 7c 49 0a 6a 5c 1a 52 44 76 39 57 48 1a 75 74 f7 d1 76 ca 99 54 00 35 0e Data Ascii: '>4833XL!xT> <UB>k3-{#ygZ^JNjP=ixY,A$c>n<ggqtq?W3.-O(MYZ~p%a`C\>M7f&6:Z.r4v['\|a64nC8e!ER/bf\#\|Ij\RDv9WHutvT5

Timestamp	Bytes transferred	Direction	Data
2024-12-18 08:43:42 UTC	619	OUT	GET /rsrc.php/v5/yh/l/0,cross/F3UfhLFhao5.css HTTP/1.1 Host: static.xx.fbcdn.net Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" Origin: https://www.facebook.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/128.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.facebook.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-12-18 08:43:43 UTC	1929	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT content-md5: iUF8qU7lWjqJt52JKCOqiA== Expires: Mon, 15 Dec 2025 18:43:07 GMT Cache-Control: public,max-age=31536000,immutable report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} timing-allow-origin: * document-policy: force-load-at-top permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/" origin-agent-cluster: ?1 X-FB-Debug: lXjBzrfkJmUAPT+QRd78iVYBSIHXtwZgflHzQGU2XEQVZxI82CdhkN3SYg1aqOFQv5wYaVH6htjCL7o2iOblQA== Date: Wed, 18 Dec 2024 08:43:43 GMT Access-Control-Allow-Origin: https://www.facebook.com Vary: Origin X-FB-Connection-Quality: GOOD; q=0.7, rtt=140, rtx=0, c=14, mss=1277, tbw=3412, tp=-1, tpl=-1, uplat=3, ullat=-1 Alt-Svc: h3=":443"; ma=86400 Connection: close Content-Length: 50242
2024-12-18 08:43:43 UTC	1	IN	Data Raw: 23 Data Ascii: #
2024-12-18 08:43:43 UTC	15878	IN	Data Raw: 6e 61 76 4c 6f 67 69 6e 20 2e 5f 79 6c 34 7b 7a 2d 69 6e 64 65 78 3a 34 7d 2e 5f 79 6c 34 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f 70 3a 32 32 70 78 7d 2e 5f 79 6c 38 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 36 66 37 3b 62 6f 72 64 65 72 3a 30 70 78 20 73 6f 6c 69 64 20 77 68 69 74 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 33 70 78 20 38 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 33 29 3b 68 65 69 67 68 74 3a 32 36 36 70 78 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 36 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 5f 79 6c 39 7b 63 6f 6c 6f 72 3a 23 37 66 37 66 37 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6c Data Ascii: navLogin ._yl4{z-index:4}._yl4{position:relative;top:22px}._yl8{background-color:#f5f6f7;border:0px solid white;border-radius:3px;box-shadow:0 3px 8px rgba(0, 0, 0, .3);height:266px;padding-bottom:6px;text-align:center}._yl9{color:#7f7f7f;font-size:12px;l
2024-12-18 08:43:43 UTC	16384	IN	Data Raw: 74 6f 70 3a 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 6c 6f 67 69 6e 5f 70 61 67 65 20 2e 64 69 61 6c 6f 67 5f 62 75 74 74 6f 6e 73 20 2e 72 65 67 69 73 74 65 72 5f 6c 69 6e 6b 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 6c 6f 67 69 6e 5f 70 61 67 65 20 23 65 6d 61 69 6c 7b 64 69 72 65 63 74 69 6f 6e 3a 6c 74 72 7d 2e 6c 6f 67 69 6e 5f 70 61 67 65 20 23 65 72 72 6f 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 7d 64 69 76 2e 6c 6f 67 69 6e 5f 70 61 67 65 5f 69 6e 74 65 72 73 74 69 74 69 61 6c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b Data Ascii: top:3px;text-align:left}.login_page .dialog_buttons .register_link{float:left;text-align:left;margin-top:4px;font-weight:bold}.login_page #email{direction:ltr}.login_page #error{margin-top:20px}div.login_page_interstitial{margin-bottom:0px;margin-top:0px;
2024-12-18 08:43:43 UTC	16384	IN	Data Raw: 69 6d 61 67 65 3a 75 72 6c 28 2f 72 73 72 63 2e 70 68 70 2f 76 34 2f 79 58 2f 72 2f 72 7a 46 52 72 32 35 68 6d 49 6c 2e 70 6e 67 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 61 75 74 6f 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 31 37 39 70 78 3b 77 69 64 74 68 3a 31 37 30 70 78 7d 2e 73 70 5f 44 42 50 52 53 72 45 52 4b 63 55 2e 73 78 5f 35 63 38 38 34 30 7b 68 65 69 67 68 74 3a 31 37 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 30 20 2d 31 38 30 70 78 7d 2e 73 70 5f 44 42 50 52 53 72 45 52 4b 63 55 2e 73 78 5f 30 34 37 66 35 36 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 30 Data Ascii: image:url(/rsrc.php/v4/yX/r/rzFRr25hmIl.png);background-size:auto;background-repeat:no-repeat;display:inline-block;height:179px;width:170px}.sp_DBPRSrERKcU.sx_5c8840{height:170px;background-position:0 -180px}.sp_DBPRSrERKcU.sx_047f56{background-position:0
2024-12-18 08:43:43 UTC	1595	IN	Data Raw: 6e 67 3a 6e 6f 72 6d 61 6c 7d 23 66 61 63 65 62 6f 6f 6b 20 2e 5f 36 6d 76 2d 2e 5f 36 6d 76 2d 2c 2e 5f 36 6d 76 2d 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 4f 70 65 6e 20 44 79 73 6c 65 78 69 63 27 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 7d 2e 43 6f 6d 65 74 53 65 74 74 69 6e 67 73 50 61 67 65 20 2e 5f 32 69 65 70 2c 2e 43 6f 6d 65 74 53 65 74 74 69 6e 67 73 50 61 67 65 20 2e 5f 32 69 65 71 2c 2e 43 6f 6d 65 74 53 65 74 74 69 6e 67 73 50 61 67 65 20 2e 5f 35 30 66 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 30 70 78 7d 2e 43 6f 6d 65 74 53 65 74 74 69 6e 67 73 50 61 67 65 20 2e 5f 35 30 66 34 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 0a 68 74 6d 6c 20 2e 5f 35 35 72 31 7b Data Ascii: ng:normal}#facebook ._6mv-._6mv-,._6mv-{font-family:'Open Dyslexic';letter-spacing:normal}.CometSettingsPage ._2iep,.CometSettingsPage ._2ieq,.CometSettingsPage ._50f4{font-size:15px;line-height:20px}.CometSettingsPage ._50f4{font-weight:500}html ._55r1{