Windows Analysis Report
install_numarkidjliveii.exe

Overview

General Information

Sample name:	install_numarkidjliveii.exe
Analysis ID:	1427204
MD5:	c82f01cd37f341209e6ac8c8848ec398
SHA1:	5fe0b58b02a3ea209ed4e9f7fca49b4ed775dc11
SHA256:	7919e9611d4b12ef001005e6af2b8f6c602aa3b4978b2a056e14bc41bd8fe024
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Powershell download and execute

Bypasses PowerShell execution policy

Creates HTA files

Modifies Internet Explorer zone settings

Modifies Internet Explorer zonemap settings

Modifies the windows firewall

Obfuscated command line found

Queries pointing device information (via WMI, Win32_PointingDevice, often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive battery information (via WMI, Win32_Battery, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive printer information (via WMI, Win32_Printer, often done to detect virtual machines)

Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sigma detected: Dot net compiler compiles file from suspicious location

Sigma detected: Legitimate Application Dropped Script

Sigma detected: Potential WinAPI Calls Via CommandLine

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious MSHTA Child Process

Sigma detected: Suspicious Script Execution From Temp Folder

Tries to harvest and steal browser information (history, passwords, etc)

Uses netsh to modify the Windows network and firewall settings

Writes or reads registry keys via WMI

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Compiles C# or VB.Net code

Contains functionality for read data from the clipboard

Contains functionality to shutdown / reboot the system

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates or modifies windows services

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for the Microsoft Outlook file path

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Dynamic .NET Compilation Via Csc.EXE

Sigma detected: IE Change Domain Zone

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: install_numarkidjliveii.exe	ReversingLabs: Detection: 32%
Source: install_numarkidjliveii.exe	Virustotal: Detection: 43%			Perma Link

Uses 32bit PE files

Source: install_numarkidjliveii.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: unknown	HTTPS traffic detected: 172.67.209.192:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.88.21.119:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49756 version: TLS 1.2

Source:	Binary string: $^q7C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.pdb source: powershell.exe, 00000007.00000002.4091887623.0000000005472000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040810F FindFirstFileA,FindClose,	0_2_0040810F
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408592 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00408592
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00403411 FindFirstFileA,	0_2_00403411

Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2037895 ET MALWARE Observed DNS Query to DriverPack Domain ( .drp .su) 192.168.2.4:52257 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2032357 ET MALWARE DriverPack Domain in DNS Query 192.168.2.4:52257 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2037895 ET MALWARE Observed DNS Query to DriverPack Domain ( .drp .su) 192.168.2.4:51224 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2032357 ET MALWARE DriverPack Domain in DNS Query 192.168.2.4:51224 -> 1.1.1.1:53

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 87.117.235.115 87.117.235.115
Source: Joe Sandbox View	IP Address: 77.88.21.119 77.88.21.119
Source: Joe Sandbox View	IP Address: 87.250.250.119 87.250.250.119
Source: Joe Sandbox View	IP Address: 37.9.8.75 37.9.8.75
Source: Joe Sandbox View	IP Address: 37.9.8.75 37.9.8.75

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: allfont.ru
Source: global traffic	HTTP traffic detected: GET /metrika/watch.js HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A897563375%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A678962730%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A612501295%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10342.GydfnN1hdXfzFQMQDc44Q9HEARHRitoT-zHbErZ1LfApOqGOx2dpAKEBlffDSP0X.FDbPLjp3CwmBnIrB84hgd_gqR4I%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212
Source: global traffic	HTTP traffic detected: GET /metrika/advert.gif HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide?token=10342.tdBwSBrsNdvzPCrH6BGIj42E8vl3u_E2ne27H2mhs72L_uu8aciMa61tJdTByjYa-tbhOlaiiH39pT7baN8uNFtHdS_OHUdCxokWI3ADXqSYlkJAoI11U2LG9IAAVMfj9hF4GTnDeZ3JeM0yaGM1yQij2zuY2nROj8Azk-nstTQTYGsNVujtqpADUt3taDrdRm6EVyuFO_c4AYpbuahbEDArxuzadVBhxNsww2eyQSA%2C.ol5KyN6CWxJartpTnqUpSoDvL58%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-1-ui-1)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/46420341?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-2-ui-2)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/33423178?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-1-ui-1%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2595979941713337225; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=/SZrgNStdKMhZ8vyo2shk0RJcsq6ZXOxCbkj+zxmRO4aLAVN+JWX77m5VM/qN11pKg+5ZBPiPvYTHAFII2UziHGmqGg=; yandexuid=4952632461713337225; yashr=917947241713337224; ymex=1744873225.yrts.1713337225#1744873225.yrtsi.1713337225
Source: global traffic	HTTP traffic detected: GET /watch/46420341/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-2-ui-2%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2434634081713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=+IKtjNesybxvl+KvCxQbpd594Of1UCAUMsF5bRvRt7L5HaUVbVp6ap2riCF7HQ4cuSMi2njyKTb2cT6IzHLNOTb52Yk=; yandexuid=1099871741713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A586458861%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A308329436%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A465185448%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check_secondary HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: POST /watch/30541482/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&charset=utf-8&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pa%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A214461765%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Ads%3A0%2C0%2C1%2C0%2C6%2C0%2C%2C2401%2C0%2C2443%2C2443%2C0%2C2409%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(1)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Content-Type: application/x-www-form-urlencodedAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comContent-Length: 77Connection: Keep-AliveCache-Control: no-cacheCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A773616488%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10342.B9GRQGs8pmFo4Lpumi1YsPekH6Wn-dIjJLwvGPbbQ1eJKLj_bAn82ZnOl54KYAAI.1xRHuRcvWLbyzFhxh9nui86ekQk%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212; sync_cookie_csrf=1872351521fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A282648834%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A980287809%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A412757713%3Ax%3A32101%3Ay%3A0%3At%3A124%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide_secondary?token=10342.8DQ7Eax45To7u64iM9xyxJV_sEskpVw_Hpk4uo3tqJKOVdNBO6L_-tc6xT04jXckQ8lLcif2_DSC3Sw-toGMsh67nskZysqcZOpgF4RnVAgNeKIu5y9DlJ6-z9iv_roF8gjucku2g4RFJ7hyUOrJXFiXyUlBSCQcZqtGo36vrSLsURhlsIR5761apRMdg9AUqPLU-n4ozlwdiKET0oy_BpNCzUke6y4-1_CIgybW1eg%2C.5uR-FSAzPgVA1_iGgbSCUE-hCcU%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A450156105%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A195840207%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A257828719%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A258617496%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A388750787%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A934793483%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A107870281%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1039018753%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A838339832%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A789989460%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A221157092%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A720320934%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: POST /watch/33423178/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&charset=utf-8&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pa%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A755637487%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Ads%3A0%2C0%2C1%2C0%2C6%2C0%2C%2C2401%2C0%2C2443%2C2443%2C0%2C2409%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(1)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Content-Type: application/x-www-form-urlencodedAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comContent-Length: 77Connection: Keep-AliveCache-Control: no-cacheCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A1022775656%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A419309610%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A943119066%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A969684426%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A723322787%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A111877172%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A265724439%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A556610360%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A286026980%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A653810575%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: POST /watch/46420341/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&charset=utf-8&ut=noindex&uah=che%0A0&hittoken=1713337228_91dc45f5f1244bfe734fb20d795a95f26039603f3620d6e46615bf54ddecb2dd&browser-info=pa%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A968100679%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Ads%3A0%2C0%2C1%2C0%2C6%2C0%2C%2C2401%2C0%2C2443%2C2443%2C0%2C2409%3Aco%3A0%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(1)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Content-Type: application/x-www-form-urlencodedAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comContent-Length: 77Connection: Keep-AliveCache-Control: no-cacheCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A738440973%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A531994509%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522654328%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A199610596%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A952683707%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1051383922%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A55722148%3Ax%3A32153%3Ay%3A0%3At%3A409%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A97942981%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A848560597%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A375635206%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A986971658%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A266246763%3Ax%3A32101%3Ay%3A0%3At%3A463%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021695890%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A505792363%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A135342147%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A960259864%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A782495120%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A581394745%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A315552122%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1000405654%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A730110411%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A957482948%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A662108354%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A401714213%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1055556027%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A602837488%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1066264284%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A454302231%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002354999%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A909468003%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761297770%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A748021066%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A964748906%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A16650997%3Ax%3A32101%3Ay%3A0%3At%3A919%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002945535%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A293368331%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A280109737%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A751307617%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A147919798%3Ax%3A32101%3Ay%3A0%3At%3A975%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A133735897%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A608498649%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A473289209%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A271187365%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859497283%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A836304924%3Ax%3A32153%3Ay%3A0%3At%3A1097%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054368760%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A539433115%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021854622%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A805199689%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859327609%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A330914073%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A340299571%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A825498394%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A732461021%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A166627184%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A984388053%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054540317%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A123813360%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A688033795%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A520487442%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A361877600%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A481267253%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A762298943%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A96632639%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A595747434%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A854761415%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A767535879%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1005898635%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A421332578%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A278268286%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A437535754%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A888624274%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A780451455%3Ax%3A32153%3Ay%3A0%3At%3A1675%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A211895753%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A281818874%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A759531647%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A988071375%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A534436396%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A482164787%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A360824213%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A392962516%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A663925208%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A461435439%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A229434377%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A953081350%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A978993371%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A943650839%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A705320347%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A913191786%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A33142640%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A771977770%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A656454067%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522215435%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A843582498%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A657646641%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A649697059%3Ax%3A32153%3Ay%3A0%3At%3A2083%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A894681420%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A415632174%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A587143957%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393003063%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393235588%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761234334%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: allfont.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api/session HTTP/1.1Accept: /Content-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: auth.drp.suContent-Length: 2Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 0x-drp-client-time: 2024-04-17T07:00:10.375ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 192Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/soft/?callback HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: update.drp.su
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 1x-drp-client-time: 2024-04-17T07:00:10.377ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 191Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 3x-drp-client-time: 2024-04-17T07:00:10.380ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 132Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 2x-drp-client-time: 2024-04-17T07:00:10.379ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 191Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 4x-drp-client-time: 2024-04-17T07:00:10.382ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 177Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 5x-drp-client-time: 2024-04-17T07:00:10.383ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 110Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 6x-drp-client-time: 2024-04-17T07:00:10.385ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 90Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 7x-drp-client-time: 2024-04-17T07:00:10.444ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 137Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 8x-drp-client-time: 2024-04-17T07:00:10.446ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 113Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 9x-drp-client-time: 2024-04-17T07:00:11.730ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 502Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 10x-drp-client-time: 2024-04-17T07:00:13.934ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 99Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 11x-drp-client-time: 2024-04-17T07:00:13.964ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1284Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 12x-drp-client-time: 2024-04-17T07:00:14.086ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1282Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 13x-drp-client-time: 2024-04-17T07:00:19.866ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 97Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/select HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 14x-drp-client-time: 2024-04-17T07:00:19.867ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 16467Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/user-choice/driver/retrieve HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 15x-drp-client-time: 2024-04-17T07:00:19.870ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 2Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 16x-drp-client-time: 2024-04-17T07:00:21.061ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 17x-drp-client-time: 2024-04-17T07:00:23.122ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 229Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 18x-drp-client-time: 2024-04-17T07:00:23.123ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 122Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 19x-drp-client-time: 2024-04-17T07:00:23.138ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 873Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 20x-drp-client-time: 2024-04-17T07:00:23.169ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 32741Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 22x-drp-client-time: 2024-04-17T07:00:25.109ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 97Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 23x-drp-client-time: 2024-04-17T07:00:25.113ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 155Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/cleaner HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 24x-drp-client-time: 2024-04-17T07:00:25.114ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 2597Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 25x-drp-client-time: 2024-04-17T07:00:27.847ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 130Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 26x-drp-client-time: 2024-04-17T07:00:27.881ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1282Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 27x-drp-client-time: 2024-04-17T07:00:27.919ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 176Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 28x-drp-client-time: 2024-04-17T07:00:28.246ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 186Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 29x-drp-client-time: 2024-04-17T07:00:28.255ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1358Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 30x-drp-client-time: 2024-04-17T07:00:28.260ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 147Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 31x-drp-client-time: 2024-04-17T07:00:28.270ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 165Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 32x-drp-client-time: 2024-04-17T07:00:28.277ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 153Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 33x-drp-client-time: 2024-04-17T07:00:28.279ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1300Connection: Keep-AliveCache-Control: no-cache

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: allfont.ru
Source: global traffic	HTTP traffic detected: GET /metrika/watch.js HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A897563375%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A678962730%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A612501295%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10342.GydfnN1hdXfzFQMQDc44Q9HEARHRitoT-zHbErZ1LfApOqGOx2dpAKEBlffDSP0X.FDbPLjp3CwmBnIrB84hgd_gqR4I%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212
Source: global traffic	HTTP traffic detected: GET /metrika/advert.gif HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide?token=10342.tdBwSBrsNdvzPCrH6BGIj42E8vl3u_E2ne27H2mhs72L_uu8aciMa61tJdTByjYa-tbhOlaiiH39pT7baN8uNFtHdS_OHUdCxokWI3ADXqSYlkJAoI11U2LG9IAAVMfj9hF4GTnDeZ3JeM0yaGM1yQij2zuY2nROj8Azk-nstTQTYGsNVujtqpADUt3taDrdRm6EVyuFO_c4AYpbuahbEDArxuzadVBhxNsww2eyQSA%2C.ol5KyN6CWxJartpTnqUpSoDvL58%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-1-ui-1)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/46420341?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-2-ui-2)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/33423178?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-1-ui-1%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2595979941713337225; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=/SZrgNStdKMhZ8vyo2shk0RJcsq6ZXOxCbkj+zxmRO4aLAVN+JWX77m5VM/qN11pKg+5ZBPiPvYTHAFII2UziHGmqGg=; yandexuid=4952632461713337225; yashr=917947241713337224; ymex=1744873225.yrts.1713337225#1744873225.yrtsi.1713337225
Source: global traffic	HTTP traffic detected: GET /watch/46420341/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-2-ui-2%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2434634081713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=+IKtjNesybxvl+KvCxQbpd594Of1UCAUMsF5bRvRt7L5HaUVbVp6ap2riCF7HQ4cuSMi2njyKTb2cT6IzHLNOTb52Yk=; yandexuid=1099871741713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A586458861%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A308329436%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A465185448%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check_secondary HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A773616488%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10342.B9GRQGs8pmFo4Lpumi1YsPekH6Wn-dIjJLwvGPbbQ1eJKLj_bAn82ZnOl54KYAAI.1xRHuRcvWLbyzFhxh9nui86ekQk%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212; sync_cookie_csrf=1872351521fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A282648834%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A980287809%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A412757713%3Ax%3A32101%3Ay%3A0%3At%3A124%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide_secondary?token=10342.8DQ7Eax45To7u64iM9xyxJV_sEskpVw_Hpk4uo3tqJKOVdNBO6L_-tc6xT04jXckQ8lLcif2_DSC3Sw-toGMsh67nskZysqcZOpgF4RnVAgNeKIu5y9DlJ6-z9iv_roF8gjucku2g4RFJ7hyUOrJXFiXyUlBSCQcZqtGo36vrSLsURhlsIR5761apRMdg9AUqPLU-n4ozlwdiKET0oy_BpNCzUke6y4-1_CIgybW1eg%2C.5uR-FSAzPgVA1_iGgbSCUE-hCcU%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A450156105%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A195840207%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A257828719%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A258617496%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A388750787%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A934793483%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A107870281%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1039018753%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A838339832%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A789989460%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A221157092%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A720320934%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A1022775656%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A419309610%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A943119066%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A969684426%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A723322787%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A111877172%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A265724439%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A556610360%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A286026980%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A653810575%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A738440973%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A531994509%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522654328%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A199610596%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A952683707%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1051383922%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A55722148%3Ax%3A32153%3Ay%3A0%3At%3A409%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A97942981%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A848560597%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A375635206%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A986971658%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A266246763%3Ax%3A32101%3Ay%3A0%3At%3A463%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021695890%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A505792363%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A135342147%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A960259864%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A782495120%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A581394745%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A315552122%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1000405654%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A730110411%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A957482948%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A662108354%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A401714213%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1055556027%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A602837488%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1066264284%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A454302231%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002354999%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A909468003%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761297770%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A748021066%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A964748906%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A16650997%3Ax%3A32101%3Ay%3A0%3At%3A919%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002945535%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A293368331%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A280109737%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A751307617%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A147919798%3Ax%3A32101%3Ay%3A0%3At%3A975%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A133735897%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A608498649%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A473289209%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A271187365%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859497283%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A836304924%3Ax%3A32153%3Ay%3A0%3At%3A1097%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054368760%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A539433115%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021854622%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A805199689%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859327609%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A330914073%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A340299571%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A825498394%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A732461021%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A166627184%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A984388053%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054540317%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A123813360%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A688033795%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A520487442%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A361877600%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A481267253%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A762298943%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A96632639%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A595747434%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A854761415%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A767535879%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1005898635%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A421332578%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A278268286%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A437535754%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A888624274%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A780451455%3Ax%3A32153%3Ay%3A0%3At%3A1675%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A211895753%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A281818874%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A759531647%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A988071375%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A534436396%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A482164787%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A360824213%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A392962516%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A663925208%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A461435439%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A229434377%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A953081350%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A978993371%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A943650839%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A705320347%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A913191786%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A33142640%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A771977770%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A656454067%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522215435%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A843582498%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A657646641%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A649697059%3Ax%3A32153%3Ay%3A0%3At%3A2083%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A894681420%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A415632174%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A587143957%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393003063%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393235588%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761234334%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: allfont.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/soft/?callback HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: update.drp.su

Source: unknown

DNS traffic detected: queries for: allfont.ru

Source: unknown

HTTP traffic detected: POST /watch/30541482/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&charset=utf-8&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pa%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A214461765%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Ads%3A0%2C0%2C1%2C0%2C6%2C0%2C%2C2401%2C0%2C2443%2C2443%2C0%2C2409%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(1)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comContent-Length: 77Connection: Keep-AliveCache-Control: no-cacheCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226

Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1685787481.0000000008E20000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008E20000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686824877.0000000008E20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/
Source: mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console
Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console&
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console);.header
Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console4
Source: mshta.exe, 00000002.00000003.1686824877.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1685787481.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-consolei
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auth.drp.su
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auth.drp.su/api/session
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auth.drp.su/api/session6F
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://community.drp.su/topic/8266/how-to-remove-driverpack
Source: install_numarkidjliveii.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: install_numarkidjliveii.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: install_numarkidjliveii.exe	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: mshta.exe, 00000002.00000003.1761250279.000000000D67A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driv
Source: mshta.exe, 00000002.00000003.1760628329.000000000D67F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360ts.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360tsNew.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360tsOld.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360tsOld.execonfirmPopup.descriptionconfirmPopup.description.enconfirmP
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/7-Zip.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/7-Zip.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/AIMP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/AIMP.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Backupper.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Backupper.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Chrone.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Chrone.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DirectX.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DirectX.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DotNet.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DotNet.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DotNetXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FSImage.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FSImage.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Firefox.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FirefoxEn.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FirefoxEn.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FirefoxRu.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FlashPlayer.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FlashPlayer.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FoxitReader.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FoxitReader.exe7
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FoxitReader.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/K-Lite.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/K-Lite.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/K-LiteXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle_win7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle_win7.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle.exeDescription.enDescription.ru4
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle_win7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle_win7.exeDescription.enDescription.rud
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink64.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink64_win7.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink_win7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink_win7.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaXP.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/PotPlayer.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/PotPlayer.exeH
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/PotPlayer.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/RuntimePack.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/RuntimePack.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SearcherBar.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SearcherBar.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Skype.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SkypeNew.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SkypeXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/TeamViewer.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/TeamViewer.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/VisualCplus.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/VisualCplus.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRAR.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Br.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Br.exeDescription.enDescription.ruPTU
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Eng.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Rus.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Rus.exeDescription.enDescription.rudaU
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Yandex.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/ab/4/Internet-Start.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/ab/downloader_browser.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/internet_start.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/uTorrent.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/uTorrent.png
Source: mshta.exe, 00000002.00000003.1763142428.000000000D690000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761124279.000000000D68A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760628329.000000000D67F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus10.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus10.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus7.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus8.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus8.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus81.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus81.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/AsusXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell10.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell10.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell7.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell81.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell81.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/DriverPack-Alice.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/FujitsuNT.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/HPNT.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/MSI64.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/MSI64.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/MSI86.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/ToshibaNT.exe
Source: mshta.exe, 00000002.00000003.1786062031.000000000D713000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/V
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/VizioNT.exe
Source: drp.js.0.dr	String found in binary or memory: http://dl.drp.su
Source: mshta.exe, 00000002.00000003.1905187770.000000000F2AF000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1904906240.000000000F2A6000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1905056715.000000000F2A7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/driverpacks/repack/MassStorage/LSI/FORCED/5x64/SAS_1.34.03/LSI-FORCED-5x64-SAS_1.34
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/360ts.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/360tsNew.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/7-Zip.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/7-Zip.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AIMP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AIMP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AvastAntivirus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AvastAntivirusA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AvastAntivirusWorldwideA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Backupper.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Backupper.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Chrone.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Chrone.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DirectX.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DirectX.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DotNet.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DotNet.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DotNetXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DriverPack-Cloud-New.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DriverPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FSImage.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FSImage.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox64en.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox64ru.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox86en.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox86ru.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FlashPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FlashPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/K-Lite.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/K-Lite.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Opera.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Opera64cis_woGoogle.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Opera86cis_woGoogle.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaBlink.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaBlink64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaXP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PDFViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PDFViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PotPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PotPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/RuntimePack.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/RuntimePack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Skype.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Skype.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/SkypeXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/TeamViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/TeamViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/VisualCplus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/VisualCplus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRAR.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRARx86Br.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRARx86Eng.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRARx86Rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Yandex.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/YandexLiteUSA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/YandexPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/internet_start.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/empty.cmd
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/wcry_patch_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/wcry_smb_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows7-kb4012212-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows7-kb4012212-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8.1-kb4012213-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8.1-kb4012213-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windowsxp-kb4012598-x86-custom-enu.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windowsxp-kb4012598-x86-custom-rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/uTorrent.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/uTorrent.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus8.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/AsusXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Dell10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Dell7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Dell81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/FujitsuNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/HPNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/MSIx64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/MSIx86.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/ToshibaNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/VizioNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://dl.drp.su/updates/beetle
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/updates/ya-downloader/downloader_browser.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/updates/ya-downloader/downloader_elements.exe
Source: drp.js.0.dr	String found in binary or memory: http://download.driverpacks.net
Source: drp.js.0.dr	String found in binary or memory: http://download.drp.su
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/17-online/DriverPack-17-Online.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/1074CBD200BFFA29C675BCCDD3D57800.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/137B107B11BC904FCCEFE14AB625FA7F.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/1C4C655B028F246E77B97465CDE78B02.png
Source: mshta.exe, 00000002.00000003.1924070113.000000000D72A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/2601EE98B41E8800E63FAF547D46059E.png
Source: mshta.exe, 00000002.00000003.1924070113.000000000D72A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/298FA6E90D6DAE33BBEBE4ABD99307FF.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/4157251F9FB77BBB33508F8AE6F93E4D.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/44E73F3C92E551742A13ED5FE352DE77.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/456022F12008313E6B7E1412FFE3FE1B.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/91EC006ED46884324AEE90DF1D331644.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/986ADC545FA5BFDD736DBF5AFB90D384.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/A7E0E51E2D06CBE71986E6E5100E7151.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/D1618DE8AA6B69CB87DD29DCF0EAF769.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/E38CFFEAD913423A620C3914CEF36C7C.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/F803D99FCBEE0DAEEDDF626262584917.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/FEF2BD7EC16BC959302A18A342650D53.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/winrar.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/yandex_browser_manager.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Chipset/Intel/WinAll/Chipset/9.3.2.1020_NEW/Intel-WinAll-C
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/Allx86/10.1.0.1008_rst/Intel-FORC
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/Allx86/11.2.0.1006_TWEAK/Intel-FO
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/Allx86/8.9.8.1005_TWEAK/Intel-FOR
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/NTx86/12.8.6.1000_TWEAK/Intel-FOR
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/Asus_6.10.6233.224/IDT-AllNTx64x
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/ECS_6.10.6207.2/IDT-AllNTx64x86-
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/HP_6.10.6233.266/IDT-AllNTx64x86
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/Lenovo_6.10.6233/IDT-AllNTx64x86
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/7-Zip.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/7-Zip.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AIMP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AIMP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AvastAntivirus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AvastAntivirusA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AvastAntivirusWorldwideA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Backupper.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Backupper.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DirectX.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DirectX.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DotNet.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DotNet.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DotNetXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack-Cloud-New.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack-Cloud.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack-Notifier.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FSImage.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FSImage.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Firefox.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Firefox.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FlashPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FlashPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/K-Lite.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/K-Lite.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Opera.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaBlink.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaBlink64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaXP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PDFViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PDFViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PotPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PotPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/RuntimePack.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/RuntimePack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Skype.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Skype.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/SkypeXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/TeamViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/TeamViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/VisualCplus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/VisualCplus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRAR.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRARx86Br.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRARx86Eng.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRARx86Rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Yandex.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/YandexLiteUSA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/YandexPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/empty.cmd
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/wcry_patch_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/wcry_smb_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows7-kb4012212-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows7-kb4012212-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8.1-kb4012213-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8.1-kb4012213-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windowsxp-kb4012598-x86-custom-enu.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windowsxp-kb4012598-x86-custom-rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/uTorrent.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/uTorrent.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/stable/DriverPack-Online-lts-17-6-12.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus8.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/AsusXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Dell10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Dell7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Dell81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/FujitsuNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/HPNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/MSIx64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/MSIx86.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/ToshibaNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/VizioNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/updates/ya-downloader/downloader_browser.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/updates/ya-downloader/downloader_browser_tr.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/updates/ya-downloader/downloader_elements.exe
Source: install_numarkidjliveii.exe, install_numarkidjliveii.exe, 00000000.00000002.1683416761.0000000000412000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://downloader.yandex.net/yandex-pack/do
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://downloader.yandex.net/yandex-pack/downloader/info.rssDownloading
Source: mshta.exe, 00000002.00000003.1825092473.000000000C035000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847444165.000000000C07F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1854528256.000000000C07F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1905610057.000000000F161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://drp.su/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://drp.su/error/noscript/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://fb.me/react-devtools
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://fb.me/react-warning-keys
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://fb.me/react-warning-polyfills
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/1wAmHx
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/4Y4pDk
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/6Vqhm0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/8FZo5V
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/916lJJ
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/9ITlV0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/DT1qyG
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/EC22Yn
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/KsIlge
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/LhFpo0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/OsFKC8
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/hPuiwB
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/hc1DLj
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/iWrZbw
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/m3OTXk
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/o84o68
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/s8MMhc
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/sdkXL9
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://new.internet-start.net/?q=
Source: install_numarkidjliveii.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: install_numarkidjliveii.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ocsp.thawte.com0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://online.drp.su/
Source: mshta.exe, 00000002.00000003.1901453716.000000000F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://online.drp.su/driverpack_online/api_response_received/17.10.7_online
Source: mshta.exe, 00000002.00000003.1931970995.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://online.drp.su/driverpack_online/gdpr_popup_showed/17.10.7_online
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4095931400.00000000073C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000007.00000002.4091887623.0000000004EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://static.drp.su/update/logs/script.js
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://static.drp.su/update/logs/style.css
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su
Source: mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/
Source: mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/;YU
Source: mshta.exe, 00000002.00000003.1851479660.000000000D5B4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889545060.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890604360.000000000D5B0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887394083.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932103729.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5B4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890448098.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925479515.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930453589.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/C
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/U
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1892936292.000000000D573000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890448098.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1931128371.000000000D6A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleaner
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanerK
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanerMX
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleaner_
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleaneraX;
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanertVersion
Source: mshta.exe, 00000002.00000003.1887394083.000000000D573000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D573000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1892936292.000000000D573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanery
Source: mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su/api/events
Source: mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events)
Source: mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events);
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/kSolution.html
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932746227.000000000D90A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/kSolution.html0
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932746227.000000000D90A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/kSolution.html0s_other.0
Source: mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events:
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsA8050
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsO
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsOD
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsQ
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsXO
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsce
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsd
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsocal/Temp/DriverPack-2024041790000/css/proximanova.css
Source: mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventssoft
Source: mshta.exe, 00000002.00000003.1886982602.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su/api/logs
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs0
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs2A&
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs5
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs6O
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1885957062.000000000D798000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887008788.000000000D798000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888539563.000000000D79F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D78E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs7
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs9:
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs;
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1821703159.000000000D865000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786451967.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1827307424.000000000D891000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822081284.000000000D88A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782976194.000000000D888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsE0.
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsFA
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsG
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787776238.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsJ
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsMA
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsRO
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsS
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsT
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsX
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsY
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1821703159.000000000D865000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786451967.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1827307424.000000000D891000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822081284.000000000D88A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782976194.000000000D888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsYi
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs_
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsa
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logscO
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsh
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsq
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsr
Source: mshta.exe, 00000002.00000003.1821703159.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825764669.000000000D8E5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1824560475.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825992676.000000000D8F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782884403.000000000D8C9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logss
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsv
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsw
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1821703159.000000000D865000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786451967.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1827307424.000000000D891000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822081284.000000000D88A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886838189.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782976194.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886982602.000000000D897000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logswY
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs~
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848324923.000000000E7F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/select
Source: mshta.exe, 00000002.00000003.1848324923.000000000E7F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/select?M
Source: mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/selectL
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/selectO
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/selectz
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve.(
Source: mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve0
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve?(
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieveG(
Source: mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieveH
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrievea
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su/firebug/firebug-lite-debug.js
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/h
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/q
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/v2/
Source: mshta.exe, 00000002.00000003.1853844743.000000000C0A8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/v2/soft/?callback
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su:80/v2/soft/?callbackika/watch.js...E
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.suL
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4095931400.00000000073C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Open
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1708680352.000000000BFD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0RobotoLightWebfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0RobotoThinWebfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1708680352.000000000BFD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Webfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avast.com0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://www.google-analytics.com/collect
Source: mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-58593486-1&cid=589230014.4837132694&t=even
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860913261.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888643545.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889202329.000000000D7F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866113292.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-68879973-2
Source: mshta.exe, 00000002.00000003.1928894844.000000000C0DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902979908.000000000F271000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927427442.000000000E886000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866809798.000000000D90A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D540000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902650902.000000000F261000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D78E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902740292.000000000F263000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1893429908.000000000D90F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887587139.000000000D90A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902896216.000000000F270000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902786078.000000000F268000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928894844.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-68879973-23&cid=589230014.4837132694&t=eve
Source: mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-68879973-26&cid=589230014.4837132694&t=eve
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860913261.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888643545.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889202329.000000000D7F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866113292.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-69093127-16&cid=589230014.48371326
Source: mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-69093127-16&cid=589230014.4837132694&t=eve
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&tid=UA-68879973-6&aip=1
Source: mshta.exe, 00000002.00000003.1686295373.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.marksimonson.comM
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008DDB000.00000004.00000020.00020000.00000000.sdmp, proxima_nova_semibold-webfont.eot.0.dr	String found in binary or memory: http://www.marksimonson.comhttp://www.marksimonson.comhttp://www.ms-studio.com/FontSales/msslicensea
Source: mshta.exe, 00000002.00000003.1686295373.0000000008DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.marksimonson.comhttp://www.ms-studio.com/FontSales/msslicenseagreement.htmlWebfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://www.msftncsi.com/ncsi.txt
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com/eula/computers
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com/privacy
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com/ru/computer/features
Source: powershell.exe, 00000007.00000002.4091887623.0000000004EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://allfont.ru/
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://allfont.ru/allfont.css?fonts=lucida-console
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://allfont.ru/l
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787776238.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxwindow.modelDatawindow.modelData.typewindow.modelData
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ar/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/az/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/be/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, bg.js.0.dr	String found in binary or memory: https://driverpack.io/bg/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/bn/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ca/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/cs/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, de.js.0.dr	String found in binary or memory: https://driverpack.io/de/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/el/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/es-419/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/es/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, et.js.0.dr	String found in binary or memory: https://driverpack.io/et/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/fa/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/fr/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/gu/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/hi/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/hu/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/hy/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/id/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/it/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ka/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ko/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ku/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/nl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/no/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/om/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/pl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/pt-pt/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ro/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/sk/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/sr/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/sw/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ta/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/te/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/tg/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/th/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/tl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/uk/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ur/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/uz/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, vi.js.0.dr	String found in binary or memory: https://driverpack.io/vi/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/yo/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/zh-cn/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: https://drp.su/
Source: install_numarkidjliveii.exe	String found in binary or memory: https://drp.su/0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr	String found in binary or memory: https://drp.su/en/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/pt-br/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/ru/catalog
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/ru/cloud
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/ru/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/sl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/sq/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/tr/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, zh.js.0.dr	String found in binary or memory: https://drp.su/zh/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1747365851.000000000DF61000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782506271.000000000E3D0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1769352059.000000000DF61000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787776238.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782611297.000000000DEC0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782567835.000000000E380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getyabrowser.com
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://getyabrowser.comDescription.en
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4095931400.00000000073C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iframe-tasks.yandex
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iframe-toloka.com
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686824877.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1685787481.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.co
Source: mshta.exe, 00000002.00000003.1887394083.000000000D542000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com
Source: mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889202329.000000000D7F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/$
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/.sValueName(
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/AppData/Local/Temp/DriverPack-2024041790000/DriverPackSolution.html&3
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/ata
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/b
Source: mshta.exe, 00000002.00000003.1887238401.000000000E87F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1998636339.000000000F3F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal
Source: mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855324168.000000000C01A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal
Source: mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1998636339.000000000F3F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/e.drp.su/api/events21~~local~~/
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/erPack-2024041790000/DriverPackSolution.html
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/l
Source: mshta.exe, 00000002.00000003.1887625182.000000000E81F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930641132.000000000E823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gif
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gif/DriverPack-2024041790000/css/icons-checkbox.css
Source: mshta.exe, 00000002.00000003.1866625586.000000000E81F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848369159.000000000E82E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1861118515.000000000E82E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1892575034.000000000E82C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887625182.000000000E81F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gifB
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gifor
Source: mshta.exe, 00000002.00000003.1866625586.000000000E81F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848369159.000000000E82E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1861118515.000000000E82E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gifr
Source: mshta.exe, 00000002.00000003.1884764232.000000000D670000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889836044.000000000D670000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886782054.000000000D670000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cooki
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_check
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_checkX2
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_checkerPack-2024041790000/css/fonts/Open-Sans/opensans-regul
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_checkk2
Source: mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_decide?token=10342.tdBwSBrsNdvzPCrH6BGIj42E8vl3u_E2ne27H2mhs
Source: mshta.exe, 00000002.00000003.1987754412.000000000DF09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLoc
Source: mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppDa
Source: mshta.exe, 00000002.00000003.1987754412.000000000DF09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fappli
Source: mshta.exe, 00000002.00000003.1886782054.000000000D670000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData
Source: mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/33423178/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppDa
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888993126.000000000C0CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928894844.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890258342.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/33423178?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData
Source: mshta.exe, 00000002.00000003.1887162106.000000000D6F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891524730.000000000D692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/46420341/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppDa
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/46420341?wmode=7&page-url=fi
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888993126.000000000C0CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887587139.000000000D90A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865950348.000000000D78E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890258342.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/46420341?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.md/cc
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/GTA5/?utm_source=driverpack&utm_medium=referral&utm_campaign=Games
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/Hitman_demo/?utm_source=driverpack&utm_medium=referral&utm_term=Hitman&u
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/Resident_evil_7_Demo/?utm_source=driverpack&utm_medium=referral&utm_term
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/mafia3_demo/?utm_source=driverpack&utm_medium=referral&utm_term=mafia3&u
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/overwatch/?utm_source=driverpack&utm_medium=referral&utm_campaign=Games
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/sid_meiers_civilization_vi_demo/?utm_source=driverpack&utm_medium=referr
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/games/?utm_source=driverpack&utm_medium=referral&utm_campaign=Games
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/intro_doom/?utm_source=driverpack&utm_medium=referral&utm_term=doom&utm_conte
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/intro_witcher3/?utm_source=driverpack&utm_medium=referral&utm_term=witcher3&u
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/reg/?utm_source=driverpack&utm_medium=referral&utm_term=reg&utm_campaign=driv
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s3.mds.yandex.net/internal-metrika-betas
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sdi-tool.org/yandex_games.ico
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sdi-tool.org/yandex_pogoda.ico
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/games
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/gameslnk1.WindowStylelnk1.IconLocation
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1763142428.000000000D690000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761124279.000000000D68A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1763230331.000000000D693000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/meteum
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/meteumlnk2.WindowStylelnk2.IconLocation
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: https://vk.com/driverpacksolution
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/driverpacksolution?w=wall-29220845_58256
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/driverpacksolution?w=wall-29220845_61453
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/driverpacksolution?w=wall-29220845_63691
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742910
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742915
Source: mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/topic-29220845_347429158#N
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742952
Source: mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/topic-29220845_34742952p
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742960
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742983
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742999
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34743004
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34743007
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34743011
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/license/360-total-security/
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/privacy/
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/privacy/Description.en
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/free-antivirus-download
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.ru/free-antivirus-download
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.ru/privacy-policy
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.fontsquirrel.com)
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: https://www.google-analytics.com/collect
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/about/legal/eula/
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/Description.endWU
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/computer
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/computerDescription.en
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com/an/sync_cookie
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com/legal/browser_agreement/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com/legal/privacy/
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/gdpr/v3/gdpr
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/metrika
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/metrika/2.1540128042.1/form-selector/button_ru.js
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/taxi-front/yango-gdpr-popup/
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ymetrica1.com/watch/3/1

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 172.67.209.192:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.88.21.119:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49756 version: TLS 1.2

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Code function: 0_2_004070F7 GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetDlgItemTextA,ShowWindow,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004070F7

System Summary

Creates HTA files

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\run.hta	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\modules\bugreport.hta	Jump to behavior

Writes or reads registry keys via WMI

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Code function: 0_2_0040435D EntryPoint,SetErrorMode,GetVersion,InitCommonControls,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,DeleteFileA,DeleteFileA,GetWindowsDirectoryA,DeleteFileA,DeleteFileA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,DeleteFileA,DeleteFileA,OleUninitialize,GetCurrentProcess,ExitWindowsEx,ExitProcess,

0_2_0040435D

Detected potential crypto function

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00421A12	0_2_00421A12
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00421CD7	0_2_00421CD7
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00424CE6	0_2_00424CE6
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004208F0	0_2_004208F0
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00424D63	0_2_00424D63
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0042096D	0_2_0042096D
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00423F0E	0_2_00423F0E
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0041CD3A	0_2_0041CD3A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004217EE	0_2_004217EE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 7_2_0480947F	7_2_0480947F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 7_2_04808507	7_2_04808507

PE / OLE file has an invalid certificate

Source: install_numarkidjliveii.exe

Static PE information: invalid certificate

Sample file is different than original file name gathered from version info

Source: install_numarkidjliveii.exe	Binary or memory string: OriginalFilename vs install_numarkidjliveii.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1683416761.0000000000412000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedownloader.exeB vs install_numarkidjliveii.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemicrostub.exeL vs install_numarkidjliveii.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedownloader.exeB vs install_numarkidjliveii.exe

Searches for the Microsoft Outlook file path

Source: C:\Windows\SysWOW64\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Jump to behavior

Uses 32bit PE files

Source: install_numarkidjliveii.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Uses reg.exe to modify the Windows registry

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Process created: C:\Windows\SysWOW64\reg.exe C:\Windows\system32\reg.exe import "C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\patch.reg"

Source: classification engine

Classification label: mal100.phis.spyw.expl.evad.winEXE@29/417@5/5

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Code function: 0_2_00405C30 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,GetDiskFreeSpaceA,MulDiv,

0_2_00405C30

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Code function: 0_2_0040296E CoCreateInstance,MultiByteToWideChar,

0_2_0040296E

Source: C:\Windows\SysWOW64\mshta.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\allfont[1].css

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7184:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7096:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7160:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7312:120:WilError_03

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

File created: C:\Users\user\AppData\Local\Temp\nsd21ED.tmp

Jump to behavior

Source: install_numarkidjliveii.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" hardware"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" drivers"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" newsoft"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" localdiagnostics"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Handle = "7916"

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep

Source: install_numarkidjliveii.exe	ReversingLabs: Detection: 32%
Source: install_numarkidjliveii.exe	Virustotal: Detection: 43%

Source: install_numarkidjliveii.exe

String found in binary or memory: 3http://crl.usertrust.com/AddTrustExternalCARoot.crl05

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

File read: C:\Users\user\Desktop\install_numarkidjliveii.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\install_numarkidjliveii.exe "C:\Users\user\Desktop\install_numarkidjliveii.exe"
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\reg.exe C:\Windows\system32\reg.exe import "C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\patch.reg"
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\mshta.exe C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta
Source: C:\Windows\SysWOW64\reg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4350.tmp" "c:\Users\user\AppData\Local\Temp\na2e5gjd\CSC2CD567E8E04445B29892BAFC155E45E.TMP"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\reg.exe C:\Windows\system32\reg.exe import "C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\patch.reg"	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\mshta.exe C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log"	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4350.tmp" "c:\Users\user\AppData\Local\Temp\na2e5gjd\CSC2CD567E8E04445B29892BAFC155E45E.TMP"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe"

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxtrans.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ddrawex.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ddraw.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxtmsft.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: t2embed.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: imgutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: esscli.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: esscli.dll

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: install_numarkidjliveii.exe

Static file information: File size 4887336 > 1048576

Source:	Binary string: $^q7C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.pdb source: powershell.exe, 00000007.00000002.4091887623.0000000005472000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Obfuscated command line found

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""	Jump to behavior

Compiles C# or VB.Net code

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"

PE file contains sections with non-standard names

Source: AvastAntivirusA.exe.0.dr	Static PE information: section name: .didat
Source: AvastAntivirusWorldwideA.exe.0.dr	Static PE information: section name: .didat

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00401860 push eax; mov dword ptr [esp], ebx	0_2_0040191A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040183B push edi; mov dword ptr [esp], eax	0_2_0040184E
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push eax; mov dword ptr [esp], ebx	0_2_0040628F
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push ebx; mov dword ptr [esp], 00434400h	0_2_004062AA
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push eax; mov dword ptr [esp], 0040B3B0h	0_2_00406432
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push esi; mov dword ptr [esp], 00000001h	0_2_004064F1
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00401AEC push edx; mov dword ptr [esp], eax	0_2_00401B39
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00401AEC push edi; mov dword ptr [esp], 00412840h	0_2_00401B50
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push esi; mov dword ptr [esp], 00000004h	0_2_004071A6
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push ecx; mov dword ptr [esp], 00000015h	0_2_004071D7
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push eax; mov dword ptr [esp], ebx	0_2_0040742D
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push eax; mov dword ptr [esp], 00000001h	0_2_0040749A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004042A4 push eax; mov dword ptr [esp], 00435400h	0_2_004042B7
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004042A4 push eax; mov dword ptr [esp], 00435400h	0_2_004042D9
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408147 push ebx; mov dword ptr [esp], 0042AF40h	0_2_00408164
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408147 push eax; mov dword ptr [esp], 0042AF40h	0_2_004081DC
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 0040B301h	0_2_0040439E
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push ebx; mov dword ptr [esp], 0040B309h	0_2_004043AB
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push esi; mov dword ptr [esp], 0040B311h	0_2_004043B8
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push edi; mov dword ptr [esp], 0000000Dh	0_2_004043C5
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 0000000Bh	0_2_004043D2
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push esi; mov dword ptr [esp], 00000000h	0_2_0040445D
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push edx; mov dword ptr [esp], eax	0_2_0040449A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], ebx	0_2_0040457C
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 00435400h	0_2_004046D2
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push ecx; mov dword ptr [esp], 00427D20h	0_2_00404747
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 00427D20h	0_2_004047AC
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push ebx; mov dword ptr [esp], 00000002h	0_2_00404824
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004049C6 push eax; mov dword ptr [esp], ebx	0_2_004049F4
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00404FD9 push eax; mov dword ptr [esp], 00000405h	0_2_00405501
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004025F9 push ecx; mov dword ptr [esp], ebx	0_2_0040261A

Drops PE files

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser_tr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_elements.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	File created: C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusWorldwideA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\nst22E9.tmp\System.dll	Jump to dropped file

Creates or modifies windows services

Source: C:\Windows\SysWOW64\mshta.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Microsoft-Windows-Diagnostics-Performance/Operational

Jump to behavior

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries pointing device information (via WMI, Win32_PointingDevice, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PointingDevice

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity

Queries sensitive battery information (via WMI, Win32_Battery, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PortableBattery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter

Queries sensitive printer information (via WMI, Win32_Printer, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Printer

Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT State, Name FROM Win32_Service WHERE Name="wscsvc"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT State, Name FROM Win32_Service WHERE Name="wscsvc"

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk

Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_SoundDevice

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController

Contains long sleeps (>= 3 min)

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 655464

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5350
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4414

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser_tr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_elements.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusWorldwideA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst22E9.tmp\System.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7004	Thread sleep count: 5350 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7244	Thread sleep time: -17524406870024063s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6836	Thread sleep count: 4414 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7920	Thread sleep time: -655464s >= -30000s

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Baseboard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040810F FindFirstFileA,FindClose,	0_2_0040810F
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408592 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00408592
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00403411 FindFirstFileA,	0_2_00403411

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 655464

Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior

Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverCD-ROM DriveCDROMSCSI\CdRomNECVMWarVMware_SATA_CD001.00SCSI\CdRomSCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000{4d36e965-e325-11ce-bfc1-08002be10318}Bus Number 0, Target Id 0, LUN 0\Device\00000025(Standard CD-ROM drives)NECVMWar VMware SATA CD00cdrom.infMicrosoft20060621000000.****+*CD-ROM Drive10.0.19041.1266Microsoft Windows
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "name": "VMware VMCI Bus Device",
Source: mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <script type="text/javascript">window.data.push({"type":"log","data":{"lvl":"debug","tags":["quickstart","wmi"],"namespace":"systemScanner:wmi:collected","message":"localdiagnostics data from WMI","params":{"task":"localdiagnostics","data":{"Computer":{"Summary":{"Computer":{"Manufacturer":"vmware","Model":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Computer Type":"x64-based PC","Operating System":"Microsoft Windows 10 Pro","Internet Explorer":"11.789.19041.0","Computer Name":"user-PC","User Name":"user-PC\\user","Logon Domain":"9T45V","Date / Time":"Wed Oct 04 2023 13:02:16 GMT+0200 (W. Europe Summer Time)"},"Temperature":{},"Motherboard":{"CPU Type":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, 2000 MHz, 4-core","Motherboard Name":"Base Board","System Memory":"4096 MB","BIOS Type":"EO1CO (2022.11.21)"},"Display":{"Video Adapter":["UT3DDWT9P (1024 MB)"],"Monitor":["Default Monitor Default Monitor"]},"Multimedia":{"Audio Adapter":[]},"Storage":{"IDE Controller":[null,"Intel(R) 82371AB/EB PCI Bus Master IDE Controller","ATA Channel 0","ATA Channel 1"],"Disk Drive":["TY2WBMYM SCSI Disk Device (SMART OK)"],"Optical Drive":[]},"Partitions":{"Partition":["C: (NTFS) 208.15 GB (18.59 GB free)"]},"Input":{"Keyboard":["Standard PS/2 Keyboard"],"Mouse":["USB Input Device","PS/2 Compatible Mouse","USB Input Device"]},"Network":{"Network Adapter":["Microsoft Kernel Debug Network Adapter","Intel(R) 82574L Gigabit Network Connection (MAC EC:F4:BB:EA:15:88)","WAN Miniport (SSTP)","WAN Miniport (IKEv2)","WAN Miniport (L2TP)","WAN Miniport (PPTP)","WAN Miniport (PPPOE)","WAN Miniport (IP) (MAC 5A:8C:20:52:41:53)","WAN Miniport (IPv6) (MAC 60:B7:20:52:41:53)","WAN Miniport (Network Monitor) (MAC 6A:3D:20:52:41:53)"]},"Peripherals":{"Printer":["OneNote","OneNote (Desktop)","Microsoft XPS Document Writer","Microsoft Print to PDF","Fax"],"USB Controller":[null],"Battery":[]},"DMI":{"DMI BIOS Vendor":"L56PU","DMI BIOS Version":"EO1CO","DMI System Manufacturer":"VMware, Inc.","DMI System Product":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","DMI System Version":"None","DMI System Serial Number":"YYP1F3","DMI System UUID":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","DMI Motherboard Manufacturer":"ER92CEX396","DMI Motherboard Product":"NBFTB4BSLY","DMI Motherboard Version":"None","DMI Motherboard Serial Number":"0434673422260797","DMI Chassis Manufacturer":"No Enclosure","DMI Chassis Version":"N/A","DMI Chassis Serial Number":"None","DMI Chassis Asset Tag":"No Asset Tag","DMI Chassis Type":"Other"}},"Power Management":{"Power Management Properties":{},"Battery Properties":{}}},"Operating System":{"Operating System":{"Operating System Properties":{"OS Name":"Microsoft Windows 10 Pro","OS Language":"en-GB","OS Kernel Type":"Multiprocessor Free (64-bit)","OS Version":"10.0.19045","OS Installation Date":"Tue Oct 03 2023 09:57:18 GMT+0200 (W. Europe Summer Time)","OS Root":"C:\\Windows"},"License Information":{"Registered Owner":"hardz","Product ID":"00330-71388-77104-AAOEM"},"Cur
Source: mshta.exe, 00000002.00000003.1848686020.000000000C026000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UH_UP&DEV_1975&SUBSYS_15AD1975&REV_1001"]},{"deviceId":"ACPI\\VMW0001\\7","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ACPI\\VMW0001"]},{"deviceId":"ACPI\\PNP0200\\4&1BD7F811&0","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ACPI\\PNP0200"]},{"deviceId":"SWD\\MSRRAS\\MS_PPPOEMINIPORT","status":"OK","statusCode":0,"classGuid":"{4d36e972-e325-11ce-bfc1-08002be10318}","hardwareId":["SWD\\MSRRAS"]},{"deviceId":"PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00\\3&218E0F40&0&18","status":"OK","statusCode":0,"classGuid":"{4d36e96a-e325-11ce-bfc1-08002be10318}","hardwareId":["PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00"]},{"deviceId":"ROOT\\VDRVROOT\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VDRVROOT"]},{"deviceId":"ACPI\\ACPI0003\\1","status":"OK","statusCode":0,"classGuid":"{72631e54-78a4-11d0-bcf7-00aa00b7b32a}","hardwareId":["ACPI\\ACPI0003"]},{"deviceId":"SWD\\PRINTENUM\\{403E365F-43ED-4C49-9062-C8F014B3A645}","status":"OK","statusCode":0,"classGuid":"{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}","hardwareId":["SWD\\PRINTENUM"]},{"deviceId":"HID\\VID_0E0F&PID_0003&MI_00\\7&10DF666E&0&0000","status":"OK","statusCode":0,"classGuid":"{4d36e96f-e325-11ce-bfc1-08002be10318}","hardwareId":["HID\\VID_0E0F&PID_0003&MI_00","HID\\VID_0E0F&PID_0003&MI_00&MI_00"]},{"deviceId":"ROOT\\VOLMGR\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VOLMGR"]}],"model":{"type":"Other","vendor":"VMware","name":"user-PC","info":{"computerSystem":{"Manufacturer":"dhRa25mUHcgXWd2","Model":"hN3D7p9L","Caption":"user-PC"},"computerSystemProduct":{"Vendor":"VMware, Inc.","Name":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Version":"None"},"baseBoard":{"Product":"NBFTB4BSLY","Version":"None","Manufacturer":"ER92CEX396"}}},"windows":{"ver":"10.0","arch":"64","build":19045},"limit":5,"useRank":{"filter":false,"sort":true},"markers
Source: mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "DMI System Manufacturer": "VMware, Inc.",
Source: mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "Vendor": "VMware, Inc.",
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "deviceId": "SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\4&1656F219&0&000000",
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverVMware VMCI Bus DeviceSYSTEMPCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10PCI\VEN_15AD&DEV_0740&REV_10PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3F{4d36e97d-e325-11ce-bfc1-08002be10318}PCI bus 0, device 7, function 7\Device\NTPNP_PCI0010VMware, Inc.oem2.infVMware, Inc.20211029000000.****+*VMware VMCI Bus Device9.8.18.0Microsoft Windows Hardware Compatibility Publisher[
Source: mshta.exe, 00000002.00000003.1786033931.000000000D751000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverMicrosoft Hyper-V Virtualization Infrastructure DriverSYSTEMROOT\VIDROOT\VID\0000{4d36e97d-e325-11ce-bfc1-08002be10318}\Device\00000003Microsoftwvid.infMicrosoft20060621000000.****+*Microsoft Hyper-V Virtualization Infrastructure Driver10.0.19041.1466Microsoft Windows
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: mshta.exe, 00000002.00000003.1786062031.000000000D713000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPEntityMicrosoft Hyper-V Generation Counter{4d36e97d-e325-11ce-bfc1-08002be10318}System.String[]Win32_PnPEntityMicrosoft Hyper-V Generation CounterACPI\VMW0001\7System.String[]MicrosoftMicrosoft Hyper-V Generation CounterSystemACPI\VMW0001\7gencounterOKWin32_ComputerSystemuser-PC1-
Source: mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "17.10.7 Online","action":"drivers statistics collected","lvl":"info","tags":[],"namespace":"driversStatistics:collected","params":{"driversStatistics":{"model":{"type":"Other","vendor":"VMware"},"windows":{"ver":"10.0","arch":"64","build":19045,"installDate":"20220616"},"devices":[{"device":{"deviceId":"SWD\\MSRRAS\\MS_NDISWANBH","hardwareId":["SWD\\MSRRAS"],"status":"OK","statusCode":0},"currentDriver":{"deviceId":"SWD\\MSRRAS
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRomNECVMWarVMware_SATA_CD001.00
Source: mshta.exe, 00000002.00000003.1901186540.000000000F1EB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\4&1656F219&0&000000"w
Source: mshta.exe, 00000002.00000003.1847142567.000000000D757000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Generation Counter",
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "deviceId": "SCSI\\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\\4&224F42EF&0&000000",
Source: mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "vendor": "VMware",
Source: mshta.exe, 00000002.00000003.1865796994.000000000F670000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "vendor": "VMware"
Source: mshta.exe, 00000002.00000003.1924070113.000000000D70E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 4D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1782884403.000000000D8C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.NonengCurren
Source: mshta.exe, 00000002.00000003.1786062031.000000000D713000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00
Source: mshta.exe, 00000002.00000003.1884482283.000000000E649000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "vendor": "VMware"
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782940699.000000000D8AD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786033931.000000000D751000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware VMCI Bus Device
Source: mshta.exe, 00000002.00000003.1928894844.000000000C0DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.None0.7%20OnliP
Source: mshta.exe, 00000002.00000003.1847142567.000000000D757000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Virtualization Infrastructure Driver",
Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll18
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782940699.000000000D8AD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPEntityMicrosoft Hyper-V Virtualization Infrastructure Driver{4d36e97d-e325-11ce-bfc1-08002be10318}Win32_PnPEntityMicrosoft Hyper-V Virtualization Infrastructure DriverROOT\VID\0000System.String[]MicrosoftMicrosoft Hyper-V Virtualization Infrastructure DriverSystemROOT\VID\0000VidOKWin32_ComputerSystemuser-PC
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverDisk driveDISKDRIVESCSI\DiskVMware__Virtual_disk____2.0_SCSI\DiskSCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000{4d36e967-e325-11ce-bfc1-08002be10318}Bus Number 0, Target Id 0, LUN 0\Device\00000023(Standard disk drives)VMware Virtual disk SCSI Disk Devicedisk.infMicrosoft20060621000000.****+*Disk drive10.0.19041.1865Microsoft WindowsR
Source: mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: mshta.exe, 00000002.00000003.1865796994.000000000F670000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865950348.000000000D757000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Generation Counter",
Source: mshta.exe, 00000002.00000003.1931128371.000000000D6A3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 48-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1884433449.000000000F510000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884482283.000000000E649000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Generation Counter",
Source: mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <script type="application/json" class="data">{"type":"log","data":{"lvl":"debug","tags":["quickstart","wmi"],"namespace":"systemScanner:wmi:collected","message":"localdiagnostics data from WMI","params":{"task":"localdiagnostics","data":{"Computer":{"Summary":{"Computer":{"Manufacturer":"vmware","Model":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Computer Type":"x64-based PC","Operating System":"Microsoft Windows 10 Pro","Internet Explorer":"11.789.19041.0","Computer Name":"user-PC","User Name":"user-PC\\user","Logon Domain":"9T45V","Date / Time":"Wed Oct 04 2023 13:02:16 GMT+0200 (W. Europe Summer Time)"},"Temperature":{},"Motherboard":{"CPU Type":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, 2000 MHz, 4-core","Motherboard Name":"Base Board","System Memory":"4096 MB","BIOS Type":"EO1CO (2022.11.21)"},"Display":{"Video Adapter":["UT3DDWT9P (1024 MB)"],"Monitor":["Default Monitor Default Monitor"]},"Multimedia":{"Audio Adapter":[]},"Storage":{"IDE Controller":[null,"Intel(R) 82371AB/EB PCI Bus Master IDE Controller","ATA Channel 0","ATA Channel 1"],"Disk Drive":["TY2WBMYM SCSI Disk Device (SMART OK)"],"Optical Drive":[]},"Partitions":{"Partition":["C: (NTFS) 208.15 GB (18.59 GB free)"]},"Input":{"Keyboard":["Standard PS/2 Keyboard"],"Mouse":["USB Input Device","PS/2 Compatible Mouse","USB Input Device"]},"Network":{"Network Adapter":["Microsoft Kernel Debug Network Adapter","Intel(R) 82574L Gigabit Network Connection (MAC EC:F4:BB:EA:15:88)","WAN Miniport (SSTP)","WAN Miniport (IKEv2)","WAN Miniport (L2TP)","WAN Miniport (PPTP)","WAN Miniport (PPPOE)","WAN Miniport (IP) (MAC 5A:8C:20:52:41:53)","WAN Miniport (IPv6) (MAC 60:B7:20:52:41:53)","WAN Miniport (Network Monitor) (MAC 6A:3D:20:52:41:53)"]},"Peripherals":{"Printer":["OneNote","OneNote (Desktop)","Microsoft XPS Document Writer","Microsoft Print to PDF","Fax"],"USB Controller":[null],"Battery":[]},"DMI":{"DMI BIOS Vendor":"L56PU","DMI BIOS Version":"EO1CO","DMI System Manufacturer":"VMware, Inc.","DMI System Product":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","DMI System Version":"None","DMI System Serial Number":"YYP1F3","DMI System UUID":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","DMI Motherboard Manufacturer":"ER92CEX396","DMI Motherboard Product":"NBFTB4BSLY","DMI Motherboard Version":"None","DMI Motherboard Serial Number":"0434673422260797","DMI Chassis Manufacturer":"No Enclosure","DMI Chassis Version":"N/A","DMI Chassis Serial Number":"None","DMI Chassis Asset Tag":"No Asset Tag","DMI Chassis Type":"Other"}},"Power Management":{"Power Management Properties":{},"Battery Properties":{}}},"Operating System":{"Operating System":{"Operating System Properties":{"OS Name":"Microsoft Windows 10 Pro","OS Language":"en-GB","OS Kernel Type":"Multiprocessor Free (64-bit)","OS Version":"10.0.19045","OS Installation Date":"Tue Oct 03 2023 09:57:18 GMT+0200 (W. Europe Summer Time)","OS Root":"C:\\Windows"},"License Information":{"Registered Owner":"hardz","Product ID":"00330-71388-77104-AAOEM"},"Curren
Source: mshta.exe, 00000002.00000003.1884433449.000000000F510000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884482283.000000000E649000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Virtualization Infrastructure Driver",
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "manufacturer": "VMware, Inc.",
Source: drp.js.0.dr	Binary or memory string: if ([ /virtualbox/i, /vmware/i ].some(function(reg) {
Source: mshta.exe, 00000002.00000003.1886982602.000000000D897000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MI_00","HID\\VID_0E0F&PID_0003&MI_00&MI_00"]},{"deviceId":"ROOT\\VOLMGR\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VOLMGR"]}],"model":{"type":"Other","vendor":"VMware","name":"user-PC","info":{"computerSystem":{"Manufacturer":"dhRa25mUHcgXWd2","Model":"hN3D7p9L","Caption":"user-PC"},"computerSystemProduct":{"Vendor":"VMware, Inc.
Source: mshta.exe, 00000002.00000003.1782884403.000000000D8C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1865796994.000000000F670000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865950348.000000000D757000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Virtualization Infrastructure Driver",
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DiskVMware__Virtual_disk____2.0_
Source: mshta.exe, 00000002.00000003.1929376293.000000000E641000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1867117417.000000000D69F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tus":"OK","statusCode":0,"classGuid":"{4d36e972-e325-11ce-bfc1-08002be10318}","hardwareId":["SWD\\MSRRAS"]},{"deviceId":"PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00\\3&218E0F40&0&18","status":"OK","statusCode":0,"classGuid":"{4d36e96a-e325-11ce-bfc1-08002be10318}","hardwareId":["PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00"]},{"deviceId":"ROOT\\VDRVROOT\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VDRVROOT"]},{"deviceId":"ACPI\\ACPI0003\\1","status":"OK","statusCode":0,"classGuid":"{72631e54-78a4-11d0-bcf7-00aa00b7b32a}","hardwareId":["ACPI\\ACPI0003"]},{"deviceId":"SWD\\PRINTENUM\\{403E365F-43ED-4C49-9062-C8F014B3A645}","status":"OK","statusCode":0,"classGuid":"{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}","hardwareId":["SWD\\PRINTENUM"]},{"deviceId":"HID\\VID_0E0F&PID_0003&MI_00\\7&10DF666E&0&0000","status":"OK","statusCode":0,"classGuid":"{4d36e96f-e325-11ce-bfc1-08002be10318}","hardwareId":["HID\\VID_0E0F&PID_0003&MI_00","HID\\VID_0E0F&PID_0003&MI_00&MI_00"]},{"deviceId":"ROOT\\VOLMGR\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VOLMGR"]}],"model":{"type":"Other","vendor":"VMware","name":"user-PC","info":{"computerSystem":{"Manufacturer":"dhRa25mUHcgXWd2","Model":"hN3D7p9L","Caption":"user-PC"},"computerSystemProduct":{"Vendor":"VMware, Inc.","Name":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Version":"None"},"baseBoard":{"Product":"NBFTB4BSLY","Version":"None","Manufacturer":"ER92CEX396"}}},"windows":{"ver":"10.0","arch":"64","build":19045}
Source: mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.None^
Source: mshta.exe, 00000002.00000003.1901453716.000000000F1F3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\4&1656F219&0&000000"
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.None81228s

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Enables debug privileges

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Source: C:\Windows\SysWOW64\mshta.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: install_numarkidjliveii.exe PID: 6836, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\drp.js, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\nsn222C.tmp, type: DROPPED

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression"

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log"	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4350.tmp" "c:\Users\user\AppData\Local\Temp\na2e5gjd\CSC2CD567E8E04445B29892BAFC155E45E.TMP"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe"

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c powershell -noninteractive -nologo -noprofile -executionpolicy bypass "get-content 'c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.cmd.txt' -wait \| invoke-expression" > "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stderr.log"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c "netsh advfirewall firewall add rule name="driverpack aria2c.exe" dir=in action=allow program="c:\users\user\appdata\local\temp\driverpack-2024041790000\tools\aria2c.exe" \|\| echo done & call echo done %^errorlevel% > "c:\users\user\appdata\roaming\drpsu\temp\run_command_59771.txt""
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c powershell -noninteractive -nologo -noprofile -executionpolicy bypass "get-content 'c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.cmd.txt' -wait \| invoke-expression" > "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stderr.log"	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c "netsh advfirewall firewall add rule name="driverpack aria2c.exe" dir=in action=allow program="c:\users\user\appdata\local\temp\driverpack-2024041790000\tools\aria2c.exe" \|\| echo done & call echo done %^errorlevel% > "c:\users\user\appdata\roaming\drpsu\temp\run_command_59771.txt""	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

0_2_0040435D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Modifies Internet Explorer zone settings

Source: C:\Windows\SysWOW64\mshta.exe

Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 1406

Jump to behavior

Modifies Internet Explorer zonemap settings

Source: C:\Windows\SysWOW64\reg.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update http			Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update https			Jump to behavior

Modifies the windows firewall

Source: C:\Windows\SysWOW64\mshta.exe

Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"

AV process strings found (often used to terminate AV products)

Source: mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1762525323.000000000C0D1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpywareProduct

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences			Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences			Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
87.117.235.115	auth.drp.su	United Kingdom	20860	IOMART-ASGB	false
77.88.21.119	mc.yandex.ru	Russian Federation	13238	YANDEXRU	false
172.67.209.192	allfont.ru	United States	13335	CLOUDFLARENETUS	false
87.250.250.119	unknown	Russian Federation	13238	YANDEXRU	false
37.9.8.75	update.drp.su	Russian Federation	49505	SELECTELRU	false

Contacted Domains

Name	IP	Active
mc.yandex.ru	77.88.21.119	true
auth.drp.su	87.117.235.115	true
update.drp.su	37.9.8.75	true
allfont.ru	172.67.209.192	true
mc.yandex.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A943650839%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A964748906%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A229434377%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A482164787%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A55722148%3Ax%3A32153%3Ay%3A0%3At%3A409%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A587143957%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A257828719%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761297770%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-1-ui-1)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A278268286%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A897563375%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A461435439%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002945535%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A657646641%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A986971658%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A107870281%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A531994509%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4)	false	high
http://update.drp.su/api/cleaner	false	high
https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1066264284%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4)	false	high

AV Detection

Multi AV Scanner detection for submitted file

Source: install_numarkidjliveii.exe	ReversingLabs: Detection: 32%
Source: install_numarkidjliveii.exe	Virustotal: Detection: 43%			Perma Link

Uses 32bit PE files

Source: install_numarkidjliveii.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: unknown	HTTPS traffic detected: 172.67.209.192:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.88.21.119:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49756 version: TLS 1.2

Source:	Binary string: $^q7C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.pdb source: powershell.exe, 00000007.00000002.4091887623.0000000005472000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040810F FindFirstFileA,FindClose,	0_2_0040810F
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408592 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00408592
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00403411 FindFirstFileA,	0_2_00403411

Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2037895 ET MALWARE Observed DNS Query to DriverPack Domain ( .drp .su) 192.168.2.4:52257 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2032357 ET MALWARE DriverPack Domain in DNS Query 192.168.2.4:52257 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2037895 ET MALWARE Observed DNS Query to DriverPack Domain ( .drp .su) 192.168.2.4:51224 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2032357 ET MALWARE DriverPack Domain in DNS Query 192.168.2.4:51224 -> 1.1.1.1:53

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 87.117.235.115 87.117.235.115
Source: Joe Sandbox View	IP Address: 77.88.21.119 77.88.21.119
Source: Joe Sandbox View	IP Address: 87.250.250.119 87.250.250.119
Source: Joe Sandbox View	IP Address: 37.9.8.75 37.9.8.75
Source: Joe Sandbox View	IP Address: 37.9.8.75 37.9.8.75

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: allfont.ru
Source: global traffic	HTTP traffic detected: GET /metrika/watch.js HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A897563375%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A678962730%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A612501295%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10342.GydfnN1hdXfzFQMQDc44Q9HEARHRitoT-zHbErZ1LfApOqGOx2dpAKEBlffDSP0X.FDbPLjp3CwmBnIrB84hgd_gqR4I%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212
Source: global traffic	HTTP traffic detected: GET /metrika/advert.gif HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide?token=10342.tdBwSBrsNdvzPCrH6BGIj42E8vl3u_E2ne27H2mhs72L_uu8aciMa61tJdTByjYa-tbhOlaiiH39pT7baN8uNFtHdS_OHUdCxokWI3ADXqSYlkJAoI11U2LG9IAAVMfj9hF4GTnDeZ3JeM0yaGM1yQij2zuY2nROj8Azk-nstTQTYGsNVujtqpADUt3taDrdRm6EVyuFO_c4AYpbuahbEDArxuzadVBhxNsww2eyQSA%2C.ol5KyN6CWxJartpTnqUpSoDvL58%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-1-ui-1)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/46420341?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-2-ui-2)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/33423178?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-1-ui-1%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2595979941713337225; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=/SZrgNStdKMhZ8vyo2shk0RJcsq6ZXOxCbkj+zxmRO4aLAVN+JWX77m5VM/qN11pKg+5ZBPiPvYTHAFII2UziHGmqGg=; yandexuid=4952632461713337225; yashr=917947241713337224; ymex=1744873225.yrts.1713337225#1744873225.yrtsi.1713337225
Source: global traffic	HTTP traffic detected: GET /watch/46420341/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-2-ui-2%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2434634081713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=+IKtjNesybxvl+KvCxQbpd594Of1UCAUMsF5bRvRt7L5HaUVbVp6ap2riCF7HQ4cuSMi2njyKTb2cT6IzHLNOTb52Yk=; yandexuid=1099871741713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A586458861%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A308329436%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A465185448%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check_secondary HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: POST /watch/30541482/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&charset=utf-8&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pa%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A214461765%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Ads%3A0%2C0%2C1%2C0%2C6%2C0%2C%2C2401%2C0%2C2443%2C2443%2C0%2C2409%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(1)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Content-Type: application/x-www-form-urlencodedAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comContent-Length: 77Connection: Keep-AliveCache-Control: no-cacheCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A773616488%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10342.B9GRQGs8pmFo4Lpumi1YsPekH6Wn-dIjJLwvGPbbQ1eJKLj_bAn82ZnOl54KYAAI.1xRHuRcvWLbyzFhxh9nui86ekQk%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212; sync_cookie_csrf=1872351521fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A282648834%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A980287809%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A412757713%3Ax%3A32101%3Ay%3A0%3At%3A124%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide_secondary?token=10342.8DQ7Eax45To7u64iM9xyxJV_sEskpVw_Hpk4uo3tqJKOVdNBO6L_-tc6xT04jXckQ8lLcif2_DSC3Sw-toGMsh67nskZysqcZOpgF4RnVAgNeKIu5y9DlJ6-z9iv_roF8gjucku2g4RFJ7hyUOrJXFiXyUlBSCQcZqtGo36vrSLsURhlsIR5761apRMdg9AUqPLU-n4ozlwdiKET0oy_BpNCzUke6y4-1_CIgybW1eg%2C.5uR-FSAzPgVA1_iGgbSCUE-hCcU%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A450156105%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A195840207%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A257828719%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A258617496%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A388750787%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A934793483%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A107870281%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1039018753%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A838339832%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A789989460%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A221157092%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A720320934%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: POST /watch/33423178/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&charset=utf-8&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pa%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A755637487%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Ads%3A0%2C0%2C1%2C0%2C6%2C0%2C%2C2401%2C0%2C2443%2C2443%2C0%2C2409%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(1)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Content-Type: application/x-www-form-urlencodedAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comContent-Length: 77Connection: Keep-AliveCache-Control: no-cacheCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A1022775656%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A419309610%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A943119066%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A969684426%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A723322787%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A111877172%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A265724439%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A556610360%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A286026980%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A653810575%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: POST /watch/46420341/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&charset=utf-8&ut=noindex&uah=che%0A0&hittoken=1713337228_91dc45f5f1244bfe734fb20d795a95f26039603f3620d6e46615bf54ddecb2dd&browser-info=pa%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A968100679%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Ads%3A0%2C0%2C1%2C0%2C6%2C0%2C%2C2401%2C0%2C2443%2C2443%2C0%2C2409%3Aco%3A0%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(1)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Content-Type: application/x-www-form-urlencodedAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comContent-Length: 77Connection: Keep-AliveCache-Control: no-cacheCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A738440973%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A531994509%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522654328%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A199610596%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A952683707%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1051383922%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A55722148%3Ax%3A32153%3Ay%3A0%3At%3A409%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A97942981%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A848560597%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A375635206%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A986971658%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A266246763%3Ax%3A32101%3Ay%3A0%3At%3A463%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021695890%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A505792363%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A135342147%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A960259864%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A782495120%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A581394745%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A315552122%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1000405654%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A730110411%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A957482948%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A662108354%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A401714213%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1055556027%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A602837488%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1066264284%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A454302231%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002354999%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A909468003%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761297770%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A748021066%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A964748906%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A16650997%3Ax%3A32101%3Ay%3A0%3At%3A919%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002945535%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A293368331%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A280109737%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A751307617%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A147919798%3Ax%3A32101%3Ay%3A0%3At%3A975%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A133735897%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A608498649%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A473289209%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A271187365%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859497283%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A836304924%3Ax%3A32153%3Ay%3A0%3At%3A1097%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054368760%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A539433115%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021854622%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A805199689%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859327609%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A330914073%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A340299571%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A825498394%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A732461021%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A166627184%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A984388053%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054540317%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A123813360%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A688033795%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A520487442%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A361877600%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A481267253%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A762298943%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A96632639%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A595747434%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A854761415%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A767535879%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1005898635%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A421332578%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A278268286%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A437535754%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A888624274%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A780451455%3Ax%3A32153%3Ay%3A0%3At%3A1675%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A211895753%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A281818874%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A759531647%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A988071375%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A534436396%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A482164787%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A360824213%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A392962516%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A663925208%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A461435439%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A229434377%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A953081350%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A978993371%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A943650839%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A705320347%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A913191786%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A33142640%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A771977770%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A656454067%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522215435%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A843582498%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A657646641%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A649697059%3Ax%3A32153%3Ay%3A0%3At%3A2083%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A894681420%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A415632174%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A587143957%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393003063%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393235588%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761234334%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: allfont.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api/session HTTP/1.1Accept: /Content-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: auth.drp.suContent-Length: 2Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 0x-drp-client-time: 2024-04-17T07:00:10.375ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 192Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/soft/?callback HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: update.drp.su
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 1x-drp-client-time: 2024-04-17T07:00:10.377ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 191Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 3x-drp-client-time: 2024-04-17T07:00:10.380ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 132Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 2x-drp-client-time: 2024-04-17T07:00:10.379ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 191Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 4x-drp-client-time: 2024-04-17T07:00:10.382ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 177Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 5x-drp-client-time: 2024-04-17T07:00:10.383ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 110Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 6x-drp-client-time: 2024-04-17T07:00:10.385ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 90Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 7x-drp-client-time: 2024-04-17T07:00:10.444ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 137Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 8x-drp-client-time: 2024-04-17T07:00:10.446ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 113Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 9x-drp-client-time: 2024-04-17T07:00:11.730ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 502Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 10x-drp-client-time: 2024-04-17T07:00:13.934ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 99Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 11x-drp-client-time: 2024-04-17T07:00:13.964ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1284Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 12x-drp-client-time: 2024-04-17T07:00:14.086ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1282Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 13x-drp-client-time: 2024-04-17T07:00:19.866ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 97Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/select HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 14x-drp-client-time: 2024-04-17T07:00:19.867ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 16467Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/user-choice/driver/retrieve HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 15x-drp-client-time: 2024-04-17T07:00:19.870ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 2Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 16x-drp-client-time: 2024-04-17T07:00:21.061ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 17x-drp-client-time: 2024-04-17T07:00:23.122ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 229Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 18x-drp-client-time: 2024-04-17T07:00:23.123ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 122Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 19x-drp-client-time: 2024-04-17T07:00:23.138ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 873Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 20x-drp-client-time: 2024-04-17T07:00:23.169ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 32741Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 22x-drp-client-time: 2024-04-17T07:00:25.109ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 97Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 23x-drp-client-time: 2024-04-17T07:00:25.113ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 155Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/cleaner HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 24x-drp-client-time: 2024-04-17T07:00:25.114ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 2597Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 25x-drp-client-time: 2024-04-17T07:00:27.847ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 130Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 26x-drp-client-time: 2024-04-17T07:00:27.881ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1282Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 27x-drp-client-time: 2024-04-17T07:00:27.919ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 176Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 28x-drp-client-time: 2024-04-17T07:00:28.246ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 186Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 29x-drp-client-time: 2024-04-17T07:00:28.255ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1358Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 30x-drp-client-time: 2024-04-17T07:00:28.260ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 147Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 31x-drp-client-time: 2024-04-17T07:00:28.270ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 165Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 32x-drp-client-time: 2024-04-17T07:00:28.277ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 153Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 33x-drp-client-time: 2024-04-17T07:00:28.279ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1300Connection: Keep-AliveCache-Control: no-cache

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: allfont.ru
Source: global traffic	HTTP traffic detected: GET /metrika/watch.js HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A897563375%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A678962730%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A612501295%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10342.GydfnN1hdXfzFQMQDc44Q9HEARHRitoT-zHbErZ1LfApOqGOx2dpAKEBlffDSP0X.FDbPLjp3CwmBnIrB84hgd_gqR4I%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212
Source: global traffic	HTTP traffic detected: GET /metrika/advert.gif HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide?token=10342.tdBwSBrsNdvzPCrH6BGIj42E8vl3u_E2ne27H2mhs72L_uu8aciMa61tJdTByjYa-tbhOlaiiH39pT7baN8uNFtHdS_OHUdCxokWI3ADXqSYlkJAoI11U2LG9IAAVMfj9hF4GTnDeZ3JeM0yaGM1yQij2zuY2nROj8Azk-nstTQTYGsNVujtqpADUt3taDrdRm6EVyuFO_c4AYpbuahbEDArxuzadVBhxNsww2eyQSA%2C.ol5KyN6CWxJartpTnqUpSoDvL58%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-1-ui-1)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/46420341?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-2-ui-2)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/33423178?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-1-ui-1%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2595979941713337225; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=/SZrgNStdKMhZ8vyo2shk0RJcsq6ZXOxCbkj+zxmRO4aLAVN+JWX77m5VM/qN11pKg+5ZBPiPvYTHAFII2UziHGmqGg=; yandexuid=4952632461713337225; yashr=917947241713337224; ymex=1744873225.yrts.1713337225#1744873225.yrtsi.1713337225
Source: global traffic	HTTP traffic detected: GET /watch/46420341/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-2-ui-2%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2434634081713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=+IKtjNesybxvl+KvCxQbpd594Of1UCAUMsF5bRvRt7L5HaUVbVp6ap2riCF7HQ4cuSMi2njyKTb2cT6IzHLNOTb52Yk=; yandexuid=1099871741713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A586458861%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A308329436%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A465185448%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check_secondary HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A773616488%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10342.B9GRQGs8pmFo4Lpumi1YsPekH6Wn-dIjJLwvGPbbQ1eJKLj_bAn82ZnOl54KYAAI.1xRHuRcvWLbyzFhxh9nui86ekQk%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212; sync_cookie_csrf=1872351521fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A282648834%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A980287809%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A412757713%3Ax%3A32101%3Ay%3A0%3At%3A124%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide_secondary?token=10342.8DQ7Eax45To7u64iM9xyxJV_sEskpVw_Hpk4uo3tqJKOVdNBO6L_-tc6xT04jXckQ8lLcif2_DSC3Sw-toGMsh67nskZysqcZOpgF4RnVAgNeKIu5y9DlJ6-z9iv_roF8gjucku2g4RFJ7hyUOrJXFiXyUlBSCQcZqtGo36vrSLsURhlsIR5761apRMdg9AUqPLU-n4ozlwdiKET0oy_BpNCzUke6y4-1_CIgybW1eg%2C.5uR-FSAzPgVA1_iGgbSCUE-hCcU%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A450156105%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A195840207%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A257828719%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A258617496%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A388750787%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A934793483%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A107870281%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1039018753%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A838339832%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A789989460%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A221157092%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A720320934%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A1022775656%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A419309610%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A943119066%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A969684426%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A723322787%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A111877172%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A265724439%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A556610360%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A286026980%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A653810575%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A738440973%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A531994509%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522654328%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A199610596%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A952683707%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1051383922%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A55722148%3Ax%3A32153%3Ay%3A0%3At%3A409%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A97942981%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A848560597%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A375635206%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A986971658%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A266246763%3Ax%3A32101%3Ay%3A0%3At%3A463%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021695890%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A505792363%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A135342147%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A960259864%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A782495120%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A581394745%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A315552122%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1000405654%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A730110411%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A957482948%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A662108354%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A401714213%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1055556027%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A602837488%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1066264284%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A454302231%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002354999%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A909468003%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761297770%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A748021066%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A964748906%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A16650997%3Ax%3A32101%3Ay%3A0%3At%3A919%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002945535%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A293368331%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A280109737%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A751307617%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A147919798%3Ax%3A32101%3Ay%3A0%3At%3A975%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A133735897%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A608498649%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A473289209%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A271187365%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859497283%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A836304924%3Ax%3A32153%3Ay%3A0%3At%3A1097%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054368760%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A539433115%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021854622%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A805199689%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859327609%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A330914073%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A340299571%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A825498394%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A732461021%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A166627184%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A984388053%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054540317%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A123813360%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A688033795%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A520487442%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A361877600%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A481267253%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A762298943%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A96632639%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A595747434%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A854761415%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A767535879%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1005898635%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A421332578%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A278268286%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A437535754%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A888624274%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A780451455%3Ax%3A32153%3Ay%3A0%3At%3A1675%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A211895753%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A281818874%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A759531647%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A988071375%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A534436396%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A482164787%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A360824213%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A392962516%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A663925208%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A461435439%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A229434377%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A953081350%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A978993371%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A943650839%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A705320347%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A913191786%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A33142640%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A771977770%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A656454067%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522215435%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A843582498%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A657646641%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A649697059%3Ax%3A32153%3Ay%3A0%3At%3A2083%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A894681420%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A415632174%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A587143957%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393003063%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393235588%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761234334%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: allfont.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/soft/?callback HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: update.drp.su

Source: unknown

DNS traffic detected: queries for: allfont.ru

Source: unknown

Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1685787481.0000000008E20000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008E20000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686824877.0000000008E20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/
Source: mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console
Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console&
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console);.header
Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console4
Source: mshta.exe, 00000002.00000003.1686824877.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1685787481.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-consolei
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auth.drp.su
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auth.drp.su/api/session
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auth.drp.su/api/session6F
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://community.drp.su/topic/8266/how-to-remove-driverpack
Source: install_numarkidjliveii.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: install_numarkidjliveii.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: install_numarkidjliveii.exe	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: mshta.exe, 00000002.00000003.1761250279.000000000D67A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driv
Source: mshta.exe, 00000002.00000003.1760628329.000000000D67F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360ts.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360tsNew.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360tsOld.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360tsOld.execonfirmPopup.descriptionconfirmPopup.description.enconfirmP
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/7-Zip.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/7-Zip.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/AIMP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/AIMP.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Backupper.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Backupper.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Chrone.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Chrone.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DirectX.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DirectX.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DotNet.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DotNet.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DotNetXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FSImage.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FSImage.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Firefox.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FirefoxEn.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FirefoxEn.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FirefoxRu.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FlashPlayer.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FlashPlayer.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FoxitReader.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FoxitReader.exe7
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FoxitReader.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/K-Lite.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/K-Lite.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/K-LiteXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle_win7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle_win7.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle.exeDescription.enDescription.ru4
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle_win7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle_win7.exeDescription.enDescription.rud
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink64.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink64_win7.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink_win7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink_win7.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaXP.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/PotPlayer.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/PotPlayer.exeH
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/PotPlayer.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/RuntimePack.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/RuntimePack.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SearcherBar.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SearcherBar.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Skype.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SkypeNew.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SkypeXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/TeamViewer.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/TeamViewer.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/VisualCplus.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/VisualCplus.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRAR.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Br.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Br.exeDescription.enDescription.ruPTU
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Eng.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Rus.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Rus.exeDescription.enDescription.rudaU
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Yandex.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/ab/4/Internet-Start.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/ab/downloader_browser.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/internet_start.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/uTorrent.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/uTorrent.png
Source: mshta.exe, 00000002.00000003.1763142428.000000000D690000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761124279.000000000D68A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760628329.000000000D67F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus10.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus10.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus7.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus8.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus8.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus81.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus81.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/AsusXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell10.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell10.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell7.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell81.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell81.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/DriverPack-Alice.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/FujitsuNT.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/HPNT.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/MSI64.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/MSI64.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/MSI86.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/ToshibaNT.exe
Source: mshta.exe, 00000002.00000003.1786062031.000000000D713000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/V
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/VizioNT.exe
Source: drp.js.0.dr	String found in binary or memory: http://dl.drp.su
Source: mshta.exe, 00000002.00000003.1905187770.000000000F2AF000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1904906240.000000000F2A6000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1905056715.000000000F2A7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/driverpacks/repack/MassStorage/LSI/FORCED/5x64/SAS_1.34.03/LSI-FORCED-5x64-SAS_1.34
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/360ts.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/360tsNew.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/7-Zip.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/7-Zip.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AIMP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AIMP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AvastAntivirus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AvastAntivirusA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AvastAntivirusWorldwideA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Backupper.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Backupper.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Chrone.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Chrone.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DirectX.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DirectX.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DotNet.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DotNet.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DotNetXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DriverPack-Cloud-New.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DriverPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FSImage.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FSImage.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox64en.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox64ru.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox86en.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox86ru.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FlashPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FlashPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/K-Lite.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/K-Lite.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Opera.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Opera64cis_woGoogle.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Opera86cis_woGoogle.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaBlink.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaBlink64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaXP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PDFViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PDFViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PotPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PotPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/RuntimePack.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/RuntimePack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Skype.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Skype.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/SkypeXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/TeamViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/TeamViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/VisualCplus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/VisualCplus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRAR.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRARx86Br.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRARx86Eng.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRARx86Rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Yandex.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/YandexLiteUSA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/YandexPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/internet_start.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/empty.cmd
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/wcry_patch_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/wcry_smb_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows7-kb4012212-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows7-kb4012212-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8.1-kb4012213-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8.1-kb4012213-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windowsxp-kb4012598-x86-custom-enu.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windowsxp-kb4012598-x86-custom-rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/uTorrent.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/uTorrent.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus8.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/AsusXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Dell10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Dell7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Dell81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/FujitsuNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/HPNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/MSIx64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/MSIx86.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/ToshibaNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/VizioNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://dl.drp.su/updates/beetle
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/updates/ya-downloader/downloader_browser.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/updates/ya-downloader/downloader_elements.exe
Source: drp.js.0.dr	String found in binary or memory: http://download.driverpacks.net
Source: drp.js.0.dr	String found in binary or memory: http://download.drp.su
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/17-online/DriverPack-17-Online.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/1074CBD200BFFA29C675BCCDD3D57800.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/137B107B11BC904FCCEFE14AB625FA7F.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/1C4C655B028F246E77B97465CDE78B02.png
Source: mshta.exe, 00000002.00000003.1924070113.000000000D72A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/2601EE98B41E8800E63FAF547D46059E.png
Source: mshta.exe, 00000002.00000003.1924070113.000000000D72A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/298FA6E90D6DAE33BBEBE4ABD99307FF.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/4157251F9FB77BBB33508F8AE6F93E4D.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/44E73F3C92E551742A13ED5FE352DE77.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/456022F12008313E6B7E1412FFE3FE1B.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/91EC006ED46884324AEE90DF1D331644.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/986ADC545FA5BFDD736DBF5AFB90D384.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/A7E0E51E2D06CBE71986E6E5100E7151.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/D1618DE8AA6B69CB87DD29DCF0EAF769.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/E38CFFEAD913423A620C3914CEF36C7C.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/F803D99FCBEE0DAEEDDF626262584917.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/FEF2BD7EC16BC959302A18A342650D53.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/winrar.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/yandex_browser_manager.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Chipset/Intel/WinAll/Chipset/9.3.2.1020_NEW/Intel-WinAll-C
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/Allx86/10.1.0.1008_rst/Intel-FORC
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/Allx86/11.2.0.1006_TWEAK/Intel-FO
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/Allx86/8.9.8.1005_TWEAK/Intel-FOR
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/NTx86/12.8.6.1000_TWEAK/Intel-FOR
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/Asus_6.10.6233.224/IDT-AllNTx64x
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/ECS_6.10.6207.2/IDT-AllNTx64x86-
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/HP_6.10.6233.266/IDT-AllNTx64x86
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/Lenovo_6.10.6233/IDT-AllNTx64x86
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/7-Zip.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/7-Zip.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AIMP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AIMP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AvastAntivirus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AvastAntivirusA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AvastAntivirusWorldwideA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Backupper.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Backupper.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DirectX.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DirectX.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DotNet.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DotNet.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DotNetXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack-Cloud-New.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack-Cloud.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack-Notifier.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FSImage.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FSImage.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Firefox.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Firefox.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FlashPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FlashPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/K-Lite.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/K-Lite.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Opera.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaBlink.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaBlink64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaXP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PDFViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PDFViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PotPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PotPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/RuntimePack.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/RuntimePack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Skype.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Skype.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/SkypeXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/TeamViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/TeamViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/VisualCplus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/VisualCplus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRAR.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRARx86Br.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRARx86Eng.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRARx86Rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Yandex.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/YandexLiteUSA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/YandexPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/empty.cmd
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/wcry_patch_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/wcry_smb_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows7-kb4012212-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows7-kb4012212-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8.1-kb4012213-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8.1-kb4012213-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windowsxp-kb4012598-x86-custom-enu.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windowsxp-kb4012598-x86-custom-rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/uTorrent.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/uTorrent.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/stable/DriverPack-Online-lts-17-6-12.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus8.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/AsusXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Dell10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Dell7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Dell81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/FujitsuNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/HPNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/MSIx64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/MSIx86.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/ToshibaNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/VizioNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/updates/ya-downloader/downloader_browser.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/updates/ya-downloader/downloader_browser_tr.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/updates/ya-downloader/downloader_elements.exe
Source: install_numarkidjliveii.exe, install_numarkidjliveii.exe, 00000000.00000002.1683416761.0000000000412000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://downloader.yandex.net/yandex-pack/do
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://downloader.yandex.net/yandex-pack/downloader/info.rssDownloading
Source: mshta.exe, 00000002.00000003.1825092473.000000000C035000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847444165.000000000C07F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1854528256.000000000C07F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1905610057.000000000F161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://drp.su/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://drp.su/error/noscript/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://fb.me/react-devtools
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://fb.me/react-warning-keys
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://fb.me/react-warning-polyfills
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/1wAmHx
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/4Y4pDk
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/6Vqhm0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/8FZo5V
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/916lJJ
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/9ITlV0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/DT1qyG
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/EC22Yn
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/KsIlge
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/LhFpo0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/OsFKC8
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/hPuiwB
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/hc1DLj
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/iWrZbw
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/m3OTXk
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/o84o68
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/s8MMhc
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/sdkXL9
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://new.internet-start.net/?q=
Source: install_numarkidjliveii.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: install_numarkidjliveii.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ocsp.thawte.com0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://online.drp.su/
Source: mshta.exe, 00000002.00000003.1901453716.000000000F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://online.drp.su/driverpack_online/api_response_received/17.10.7_online
Source: mshta.exe, 00000002.00000003.1931970995.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://online.drp.su/driverpack_online/gdpr_popup_showed/17.10.7_online
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4095931400.00000000073C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000007.00000002.4091887623.0000000004EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://static.drp.su/update/logs/script.js
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://static.drp.su/update/logs/style.css
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su
Source: mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/
Source: mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/;YU
Source: mshta.exe, 00000002.00000003.1851479660.000000000D5B4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889545060.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890604360.000000000D5B0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887394083.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932103729.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5B4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890448098.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925479515.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930453589.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/C
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/U
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1892936292.000000000D573000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890448098.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1931128371.000000000D6A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleaner
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanerK
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanerMX
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleaner_
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleaneraX;
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanertVersion
Source: mshta.exe, 00000002.00000003.1887394083.000000000D573000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D573000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1892936292.000000000D573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanery
Source: mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su/api/events
Source: mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events)
Source: mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events);
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/kSolution.html
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932746227.000000000D90A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/kSolution.html0
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932746227.000000000D90A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/kSolution.html0s_other.0
Source: mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events:
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsA8050
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsO
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsOD
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsQ
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsXO
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsce
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsd
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsocal/Temp/DriverPack-2024041790000/css/proximanova.css
Source: mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventssoft
Source: mshta.exe, 00000002.00000003.1886982602.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su/api/logs
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs0
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs2A&
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs5
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs6O
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1885957062.000000000D798000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887008788.000000000D798000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888539563.000000000D79F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D78E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs7
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs9:
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs;
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1821703159.000000000D865000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786451967.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1827307424.000000000D891000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822081284.000000000D88A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782976194.000000000D888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsE0.
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsFA
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsG
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787776238.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsJ
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsMA
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsRO
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsS
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsT
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsX
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsY
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1821703159.000000000D865000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786451967.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1827307424.000000000D891000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822081284.000000000D88A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782976194.000000000D888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsYi
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs_
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsa
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logscO
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsh
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsq
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsr
Source: mshta.exe, 00000002.00000003.1821703159.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825764669.000000000D8E5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1824560475.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825992676.000000000D8F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782884403.000000000D8C9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logss
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsv
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsw
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1821703159.000000000D865000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786451967.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1827307424.000000000D891000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822081284.000000000D88A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886838189.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782976194.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886982602.000000000D897000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logswY
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs~
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848324923.000000000E7F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/select
Source: mshta.exe, 00000002.00000003.1848324923.000000000E7F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/select?M
Source: mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/selectL
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/selectO
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/selectz
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve.(
Source: mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve0
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve?(
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieveG(
Source: mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieveH
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrievea
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su/firebug/firebug-lite-debug.js
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/h
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/q
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/v2/
Source: mshta.exe, 00000002.00000003.1853844743.000000000C0A8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/v2/soft/?callback
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su:80/v2/soft/?callbackika/watch.js...E
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.suL
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4095931400.00000000073C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Open
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1708680352.000000000BFD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0RobotoLightWebfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0RobotoThinWebfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1708680352.000000000BFD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Webfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avast.com0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://www.google-analytics.com/collect
Source: mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-58593486-1&cid=589230014.4837132694&t=even
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860913261.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888643545.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889202329.000000000D7F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866113292.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-68879973-2
Source: mshta.exe, 00000002.00000003.1928894844.000000000C0DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902979908.000000000F271000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927427442.000000000E886000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866809798.000000000D90A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D540000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902650902.000000000F261000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D78E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902740292.000000000F263000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1893429908.000000000D90F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887587139.000000000D90A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902896216.000000000F270000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902786078.000000000F268000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928894844.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-68879973-23&cid=589230014.4837132694&t=eve
Source: mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-68879973-26&cid=589230014.4837132694&t=eve
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860913261.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888643545.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889202329.000000000D7F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866113292.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-69093127-16&cid=589230014.48371326
Source: mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-69093127-16&cid=589230014.4837132694&t=eve
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&tid=UA-68879973-6&aip=1
Source: mshta.exe, 00000002.00000003.1686295373.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.marksimonson.comM
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008DDB000.00000004.00000020.00020000.00000000.sdmp, proxima_nova_semibold-webfont.eot.0.dr	String found in binary or memory: http://www.marksimonson.comhttp://www.marksimonson.comhttp://www.ms-studio.com/FontSales/msslicensea
Source: mshta.exe, 00000002.00000003.1686295373.0000000008DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.marksimonson.comhttp://www.ms-studio.com/FontSales/msslicenseagreement.htmlWebfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://www.msftncsi.com/ncsi.txt
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com/eula/computers
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com/privacy
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com/ru/computer/features
Source: powershell.exe, 00000007.00000002.4091887623.0000000004EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://allfont.ru/
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://allfont.ru/allfont.css?fonts=lucida-console
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://allfont.ru/l
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787776238.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxwindow.modelDatawindow.modelData.typewindow.modelData
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ar/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/az/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/be/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, bg.js.0.dr	String found in binary or memory: https://driverpack.io/bg/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/bn/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ca/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/cs/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, de.js.0.dr	String found in binary or memory: https://driverpack.io/de/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/el/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/es-419/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/es/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, et.js.0.dr	String found in binary or memory: https://driverpack.io/et/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/fa/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/fr/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/gu/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/hi/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/hu/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/hy/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/id/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/it/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ka/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ko/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ku/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/nl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/no/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/om/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/pl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/pt-pt/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ro/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/sk/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/sr/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/sw/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ta/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/te/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/tg/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/th/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/tl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/uk/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ur/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/uz/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, vi.js.0.dr	String found in binary or memory: https://driverpack.io/vi/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/yo/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/zh-cn/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: https://drp.su/
Source: install_numarkidjliveii.exe	String found in binary or memory: https://drp.su/0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr	String found in binary or memory: https://drp.su/en/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/pt-br/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/ru/catalog
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/ru/cloud
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/ru/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/sl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/sq/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/tr/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, zh.js.0.dr	String found in binary or memory: https://drp.su/zh/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1747365851.000000000DF61000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782506271.000000000E3D0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1769352059.000000000DF61000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787776238.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782611297.000000000DEC0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782567835.000000000E380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getyabrowser.com
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://getyabrowser.comDescription.en
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4095931400.00000000073C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iframe-tasks.yandex
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iframe-toloka.com
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686824877.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1685787481.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.co
Source: mshta.exe, 00000002.00000003.1887394083.000000000D542000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com
Source: mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889202329.000000000D7F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/$
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/.sValueName(
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/AppData/Local/Temp/DriverPack-2024041790000/DriverPackSolution.html&3
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/ata
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/b
Source: mshta.exe, 00000002.00000003.1887238401.000000000E87F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1998636339.000000000F3F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal
Source: mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855324168.000000000C01A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal
Source: mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1998636339.000000000F3F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/e.drp.su/api/events21~~local~~/
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/erPack-2024041790000/DriverPackSolution.html
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/l
Source: mshta.exe, 00000002.00000003.1887625182.000000000E81F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930641132.000000000E823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gif
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gif/DriverPack-2024041790000/css/icons-checkbox.css
Source: mshta.exe, 00000002.00000003.1866625586.000000000E81F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848369159.000000000E82E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1861118515.000000000E82E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1892575034.000000000E82C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887625182.000000000E81F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gifB
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gifor
Source: mshta.exe, 00000002.00000003.1866625586.000000000E81F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848369159.000000000E82E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1861118515.000000000E82E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gifr
Source: mshta.exe, 00000002.00000003.1884764232.000000000D670000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889836044.000000000D670000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886782054.000000000D670000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cooki
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_check
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_checkX2
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_checkerPack-2024041790000/css/fonts/Open-Sans/opensans-regul
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_checkk2
Source: mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_decide?token=10342.tdBwSBrsNdvzPCrH6BGIj42E8vl3u_E2ne27H2mhs
Source: mshta.exe, 00000002.00000003.1987754412.000000000DF09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLoc
Source: mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppDa
Source: mshta.exe, 00000002.00000003.1987754412.000000000DF09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fappli
Source: mshta.exe, 00000002.00000003.1886782054.000000000D670000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData
Source: mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/33423178/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppDa
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888993126.000000000C0CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928894844.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890258342.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/33423178?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData
Source: mshta.exe, 00000002.00000003.1887162106.000000000D6F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891524730.000000000D692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/46420341/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppDa
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/46420341?wmode=7&page-url=fi
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888993126.000000000C0CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887587139.000000000D90A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865950348.000000000D78E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890258342.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/46420341?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.md/cc
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/GTA5/?utm_source=driverpack&utm_medium=referral&utm_campaign=Games
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/Hitman_demo/?utm_source=driverpack&utm_medium=referral&utm_term=Hitman&u
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/Resident_evil_7_Demo/?utm_source=driverpack&utm_medium=referral&utm_term
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/mafia3_demo/?utm_source=driverpack&utm_medium=referral&utm_term=mafia3&u
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/overwatch/?utm_source=driverpack&utm_medium=referral&utm_campaign=Games
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/sid_meiers_civilization_vi_demo/?utm_source=driverpack&utm_medium=referr
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/games/?utm_source=driverpack&utm_medium=referral&utm_campaign=Games
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/intro_doom/?utm_source=driverpack&utm_medium=referral&utm_term=doom&utm_conte
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/intro_witcher3/?utm_source=driverpack&utm_medium=referral&utm_term=witcher3&u
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/reg/?utm_source=driverpack&utm_medium=referral&utm_term=reg&utm_campaign=driv
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s3.mds.yandex.net/internal-metrika-betas
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sdi-tool.org/yandex_games.ico
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sdi-tool.org/yandex_pogoda.ico
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/games
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/gameslnk1.WindowStylelnk1.IconLocation
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1763142428.000000000D690000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761124279.000000000D68A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1763230331.000000000D693000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/meteum
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/meteumlnk2.WindowStylelnk2.IconLocation
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: https://vk.com/driverpacksolution
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/driverpacksolution?w=wall-29220845_58256
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/driverpacksolution?w=wall-29220845_61453
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/driverpacksolution?w=wall-29220845_63691
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742910
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742915
Source: mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/topic-29220845_347429158#N
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742952
Source: mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/topic-29220845_34742952p
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742960
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742983
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742999
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34743004
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34743007
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34743011
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/license/360-total-security/
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/privacy/
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/privacy/Description.en
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/free-antivirus-download
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.ru/free-antivirus-download
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.ru/privacy-policy
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.fontsquirrel.com)
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: https://www.google-analytics.com/collect
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/about/legal/eula/
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/Description.endWU
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/computer
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/computerDescription.en
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com/an/sync_cookie
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com/legal/browser_agreement/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com/legal/privacy/
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/gdpr/v3/gdpr
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/metrika
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/metrika/2.1540128042.1/form-selector/button_ru.js
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/taxi-front/yango-gdpr-popup/
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ymetrica1.com/watch/3/1

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 172.67.209.192:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.88.21.119:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49756 version: TLS 1.2

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

0_2_004070F7

System Summary

Creates HTA files

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\run.hta	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\modules\bugreport.hta	Jump to behavior

Writes or reads registry keys via WMI

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

0_2_0040435D

Detected potential crypto function

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00421A12	0_2_00421A12
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00421CD7	0_2_00421CD7
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00424CE6	0_2_00424CE6
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004208F0	0_2_004208F0
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00424D63	0_2_00424D63
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0042096D	0_2_0042096D
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00423F0E	0_2_00423F0E
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0041CD3A	0_2_0041CD3A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004217EE	0_2_004217EE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 7_2_0480947F	7_2_0480947F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 7_2_04808507	7_2_04808507

PE / OLE file has an invalid certificate

Source: install_numarkidjliveii.exe

Static PE information: invalid certificate

Sample file is different than original file name gathered from version info

Source: install_numarkidjliveii.exe	Binary or memory string: OriginalFilename vs install_numarkidjliveii.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1683416761.0000000000412000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedownloader.exeB vs install_numarkidjliveii.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemicrostub.exeL vs install_numarkidjliveii.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedownloader.exeB vs install_numarkidjliveii.exe

Searches for the Microsoft Outlook file path

Source: C:\Windows\SysWOW64\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Jump to behavior

Uses 32bit PE files

Source: install_numarkidjliveii.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Uses reg.exe to modify the Windows registry

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Process created: C:\Windows\SysWOW64\reg.exe C:\Windows\system32\reg.exe import "C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\patch.reg"

Source: classification engine

Classification label: mal100.phis.spyw.expl.evad.winEXE@29/417@5/5

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Code function: 0_2_00405C30 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,GetDiskFreeSpaceA,MulDiv,

0_2_00405C30

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Code function: 0_2_0040296E CoCreateInstance,MultiByteToWideChar,

0_2_0040296E

Source: C:\Windows\SysWOW64\mshta.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\allfont[1].css

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7184:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7096:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7160:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7312:120:WilError_03

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

File created: C:\Users\user\AppData\Local\Temp\nsd21ED.tmp

Jump to behavior

Source: install_numarkidjliveii.exe

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" hardware"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" drivers"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" newsoft"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" localdiagnostics"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Handle = "7916"

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep

Source: install_numarkidjliveii.exe	ReversingLabs: Detection: 32%
Source: install_numarkidjliveii.exe	Virustotal: Detection: 43%

Source: install_numarkidjliveii.exe

String found in binary or memory: 3http://crl.usertrust.com/AddTrustExternalCARoot.crl05

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

File read: C:\Users\user\Desktop\install_numarkidjliveii.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\install_numarkidjliveii.exe "C:\Users\user\Desktop\install_numarkidjliveii.exe"
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\reg.exe C:\Windows\system32\reg.exe import "C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\patch.reg"
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\mshta.exe C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta
Source: C:\Windows\SysWOW64\reg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4350.tmp" "c:\Users\user\AppData\Local\Temp\na2e5gjd\CSC2CD567E8E04445B29892BAFC155E45E.TMP"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\reg.exe C:\Windows\system32\reg.exe import "C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\patch.reg"	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\mshta.exe C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log"	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4350.tmp" "c:\Users\user\AppData\Local\Temp\na2e5gjd\CSC2CD567E8E04445B29892BAFC155E45E.TMP"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe"

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxtrans.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ddrawex.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ddraw.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxtmsft.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: t2embed.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: imgutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: esscli.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: esscli.dll

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: install_numarkidjliveii.exe

Static file information: File size 4887336 > 1048576

Source:	Binary string: $^q7C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.pdb source: powershell.exe, 00000007.00000002.4091887623.0000000005472000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Obfuscated command line found

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""	Jump to behavior

Compiles C# or VB.Net code

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"

PE file contains sections with non-standard names

Source: AvastAntivirusA.exe.0.dr	Static PE information: section name: .didat
Source: AvastAntivirusWorldwideA.exe.0.dr	Static PE information: section name: .didat

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00401860 push eax; mov dword ptr [esp], ebx	0_2_0040191A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040183B push edi; mov dword ptr [esp], eax	0_2_0040184E
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push eax; mov dword ptr [esp], ebx	0_2_0040628F
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push ebx; mov dword ptr [esp], 00434400h	0_2_004062AA
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push eax; mov dword ptr [esp], 0040B3B0h	0_2_00406432
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push esi; mov dword ptr [esp], 00000001h	0_2_004064F1
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00401AEC push edx; mov dword ptr [esp], eax	0_2_00401B39
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00401AEC push edi; mov dword ptr [esp], 00412840h	0_2_00401B50
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push esi; mov dword ptr [esp], 00000004h	0_2_004071A6
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push ecx; mov dword ptr [esp], 00000015h	0_2_004071D7
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push eax; mov dword ptr [esp], ebx	0_2_0040742D
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push eax; mov dword ptr [esp], 00000001h	0_2_0040749A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004042A4 push eax; mov dword ptr [esp], 00435400h	0_2_004042B7
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004042A4 push eax; mov dword ptr [esp], 00435400h	0_2_004042D9
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408147 push ebx; mov dword ptr [esp], 0042AF40h	0_2_00408164
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408147 push eax; mov dword ptr [esp], 0042AF40h	0_2_004081DC
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 0040B301h	0_2_0040439E
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push ebx; mov dword ptr [esp], 0040B309h	0_2_004043AB
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push esi; mov dword ptr [esp], 0040B311h	0_2_004043B8
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push edi; mov dword ptr [esp], 0000000Dh	0_2_004043C5
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 0000000Bh	0_2_004043D2
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push esi; mov dword ptr [esp], 00000000h	0_2_0040445D
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push edx; mov dword ptr [esp], eax	0_2_0040449A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], ebx	0_2_0040457C
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 00435400h	0_2_004046D2
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push ecx; mov dword ptr [esp], 00427D20h	0_2_00404747
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 00427D20h	0_2_004047AC
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push ebx; mov dword ptr [esp], 00000002h	0_2_00404824
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004049C6 push eax; mov dword ptr [esp], ebx	0_2_004049F4
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00404FD9 push eax; mov dword ptr [esp], 00000405h	0_2_00405501
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004025F9 push ecx; mov dword ptr [esp], ebx	0_2_0040261A

Drops PE files

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser_tr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_elements.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	File created: C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusWorldwideA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\nst22E9.tmp\System.dll	Jump to dropped file

Creates or modifies windows services

Source: C:\Windows\SysWOW64\mshta.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Microsoft-Windows-Diagnostics-Performance/Operational

Jump to behavior

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries pointing device information (via WMI, Win32_PointingDevice, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PointingDevice

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity

Queries sensitive battery information (via WMI, Win32_Battery, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PortableBattery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter

Queries sensitive printer information (via WMI, Win32_Printer, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Printer

Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT State, Name FROM Win32_Service WHERE Name="wscsvc"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT State, Name FROM Win32_Service WHERE Name="wscsvc"

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk

Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_SoundDevice

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController

Contains long sleeps (>= 3 min)

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 655464

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5350
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4414

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser_tr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_elements.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusWorldwideA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst22E9.tmp\System.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7004	Thread sleep count: 5350 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7244	Thread sleep time: -17524406870024063s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6836	Thread sleep count: 4414 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7920	Thread sleep time: -655464s >= -30000s

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Baseboard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040810F FindFirstFileA,FindClose,	0_2_0040810F
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408592 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00408592
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00403411 FindFirstFileA,	0_2_00403411

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 655464

Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior

Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverCD-ROM DriveCDROMSCSI\CdRomNECVMWarVMware_SATA_CD001.00SCSI\CdRomSCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000{4d36e965-e325-11ce-bfc1-08002be10318}Bus Number 0, Target Id 0, LUN 0\Device\00000025(Standard CD-ROM drives)NECVMWar VMware SATA CD00cdrom.infMicrosoft20060621000000.****+*CD-ROM Drive10.0.19041.1266Microsoft Windows
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "name": "VMware VMCI Bus Device",
Source: mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <script type="text/javascript">window.data.push({"type":"log","data":{"lvl":"debug","tags":["quickstart","wmi"],"namespace":"systemScanner:wmi:collected","message":"localdiagnostics data from WMI","params":{"task":"localdiagnostics","data":{"Computer":{"Summary":{"Computer":{"Manufacturer":"vmware","Model":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Computer Type":"x64-based PC","Operating System":"Microsoft Windows 10 Pro","Internet Explorer":"11.789.19041.0","Computer Name":"user-PC","User Name":"user-PC\\user","Logon Domain":"9T45V","Date / Time":"Wed Oct 04 2023 13:02:16 GMT+0200 (W. Europe Summer Time)"},"Temperature":{},"Motherboard":{"CPU Type":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, 2000 MHz, 4-core","Motherboard Name":"Base Board","System Memory":"4096 MB","BIOS Type":"EO1CO (2022.11.21)"},"Display":{"Video Adapter":["UT3DDWT9P (1024 MB)"],"Monitor":["Default Monitor Default Monitor"]},"Multimedia":{"Audio Adapter":[]},"Storage":{"IDE Controller":[null,"Intel(R) 82371AB/EB PCI Bus Master IDE Controller","ATA Channel 0","ATA Channel 1"],"Disk Drive":["TY2WBMYM SCSI Disk Device (SMART OK)"],"Optical Drive":[]},"Partitions":{"Partition":["C: (NTFS) 208.15 GB (18.59 GB free)"]},"Input":{"Keyboard":["Standard PS/2 Keyboard"],"Mouse":["USB Input Device","PS/2 Compatible Mouse","USB Input Device"]},"Network":{"Network Adapter":["Microsoft Kernel Debug Network Adapter","Intel(R) 82574L Gigabit Network Connection (MAC EC:F4:BB:EA:15:88)","WAN Miniport (SSTP)","WAN Miniport (IKEv2)","WAN Miniport (L2TP)","WAN Miniport (PPTP)","WAN Miniport (PPPOE)","WAN Miniport (IP) (MAC 5A:8C:20:52:41:53)","WAN Miniport (IPv6) (MAC 60:B7:20:52:41:53)","WAN Miniport (Network Monitor) (MAC 6A:3D:20:52:41:53)"]},"Peripherals":{"Printer":["OneNote","OneNote (Desktop)","Microsoft XPS Document Writer","Microsoft Print to PDF","Fax"],"USB Controller":[null],"Battery":[]},"DMI":{"DMI BIOS Vendor":"L56PU","DMI BIOS Version":"EO1CO","DMI System Manufacturer":"VMware, Inc.","DMI System Product":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","DMI System Version":"None","DMI System Serial Number":"YYP1F3","DMI System UUID":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","DMI Motherboard Manufacturer":"ER92CEX396","DMI Motherboard Product":"NBFTB4BSLY","DMI Motherboard Version":"None","DMI Motherboard Serial Number":"0434673422260797","DMI Chassis Manufacturer":"No Enclosure","DMI Chassis Version":"N/A","DMI Chassis Serial Number":"None","DMI Chassis Asset Tag":"No Asset Tag","DMI Chassis Type":"Other"}},"Power Management":{"Power Management Properties":{},"Battery Properties":{}}},"Operating System":{"Operating System":{"Operating System Properties":{"OS Name":"Microsoft Windows 10 Pro","OS Language":"en-GB","OS Kernel Type":"Multiprocessor Free (64-bit)","OS Version":"10.0.19045","OS Installation Date":"Tue Oct 03 2023 09:57:18 GMT+0200 (W. Europe Summer Time)","OS Root":"C:\\Windows"},"License Information":{"Registered Owner":"hardz","Product ID":"00330-71388-77104-AAOEM"},"Cur
Source: mshta.exe, 00000002.00000003.1848686020.000000000C026000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UH_UP&DEV_1975&SUBSYS_15AD1975&REV_1001"]},{"deviceId":"ACPI\\VMW0001\\7","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ACPI\\VMW0001"]},{"deviceId":"ACPI\\PNP0200\\4&1BD7F811&0","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ACPI\\PNP0200"]},{"deviceId":"SWD\\MSRRAS\\MS_PPPOEMINIPORT","status":"OK","statusCode":0,"classGuid":"{4d36e972-e325-11ce-bfc1-08002be10318}","hardwareId":["SWD\\MSRRAS"]},{"deviceId":"PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00\\3&218E0F40&0&18","status":"OK","statusCode":0,"classGuid":"{4d36e96a-e325-11ce-bfc1-08002be10318}","hardwareId":["PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00"]},{"deviceId":"ROOT\\VDRVROOT\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VDRVROOT"]},{"deviceId":"ACPI\\ACPI0003\\1","status":"OK","statusCode":0,"classGuid":"{72631e54-78a4-11d0-bcf7-00aa00b7b32a}","hardwareId":["ACPI\\ACPI0003"]},{"deviceId":"SWD\\PRINTENUM\\{403E365F-43ED-4C49-9062-C8F014B3A645}","status":"OK","statusCode":0,"classGuid":"{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}","hardwareId":["SWD\\PRINTENUM"]},{"deviceId":"HID\\VID_0E0F&PID_0003&MI_00\\7&10DF666E&0&0000","status":"OK","statusCode":0,"classGuid":"{4d36e96f-e325-11ce-bfc1-08002be10318}","hardwareId":["HID\\VID_0E0F&PID_0003&MI_00","HID\\VID_0E0F&PID_0003&MI_00&MI_00"]},{"deviceId":"ROOT\\VOLMGR\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VOLMGR"]}],"model":{"type":"Other","vendor":"VMware","name":"user-PC","info":{"computerSystem":{"Manufacturer":"dhRa25mUHcgXWd2","Model":"hN3D7p9L","Caption":"user-PC"},"computerSystemProduct":{"Vendor":"VMware, Inc.","Name":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Version":"None"},"baseBoard":{"Product":"NBFTB4BSLY","Version":"None","Manufacturer":"ER92CEX396"}}},"windows":{"ver":"10.0","arch":"64","build":19045},"limit":5,"useRank":{"filter":false,"sort":true},"markers
Source: mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "DMI System Manufacturer": "VMware, Inc.",
Source: mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "Vendor": "VMware, Inc.",
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "deviceId": "SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\4&1656F219&0&000000",
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverVMware VMCI Bus DeviceSYSTEMPCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10PCI\VEN_15AD&DEV_0740&REV_10PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3F{4d36e97d-e325-11ce-bfc1-08002be10318}PCI bus 0, device 7, function 7\Device\NTPNP_PCI0010VMware, Inc.oem2.infVMware, Inc.20211029000000.****+*VMware VMCI Bus Device9.8.18.0Microsoft Windows Hardware Compatibility Publisher[
Source: mshta.exe, 00000002.00000003.1786033931.000000000D751000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverMicrosoft Hyper-V Virtualization Infrastructure DriverSYSTEMROOT\VIDROOT\VID\0000{4d36e97d-e325-11ce-bfc1-08002be10318}\Device\00000003Microsoftwvid.infMicrosoft20060621000000.****+*Microsoft Hyper-V Virtualization Infrastructure Driver10.0.19041.1466Microsoft Windows
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: mshta.exe, 00000002.00000003.1786062031.000000000D713000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPEntityMicrosoft Hyper-V Generation Counter{4d36e97d-e325-11ce-bfc1-08002be10318}System.String[]Win32_PnPEntityMicrosoft Hyper-V Generation CounterACPI\VMW0001\7System.String[]MicrosoftMicrosoft Hyper-V Generation CounterSystemACPI\VMW0001\7gencounterOKWin32_ComputerSystemuser-PC1-
Source: mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "17.10.7 Online","action":"drivers statistics collected","lvl":"info","tags":[],"namespace":"driversStatistics:collected","params":{"driversStatistics":{"model":{"type":"Other","vendor":"VMware"},"windows":{"ver":"10.0","arch":"64","build":19045,"installDate":"20220616"},"devices":[{"device":{"deviceId":"SWD\\MSRRAS\\MS_NDISWANBH","hardwareId":["SWD\\MSRRAS"],"status":"OK","statusCode":0},"currentDriver":{"deviceId":"SWD\\MSRRAS
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRomNECVMWarVMware_SATA_CD001.00
Source: mshta.exe, 00000002.00000003.1901186540.000000000F1EB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\4&1656F219&0&000000"w
Source: mshta.exe, 00000002.00000003.1847142567.000000000D757000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Generation Counter",
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "deviceId": "SCSI\\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\\4&224F42EF&0&000000",
Source: mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "vendor": "VMware",
Source: mshta.exe, 00000002.00000003.1865796994.000000000F670000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "vendor": "VMware"
Source: mshta.exe, 00000002.00000003.1924070113.000000000D70E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 4D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1782884403.000000000D8C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.NonengCurren
Source: mshta.exe, 00000002.00000003.1786062031.000000000D713000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00
Source: mshta.exe, 00000002.00000003.1884482283.000000000E649000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "vendor": "VMware"
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782940699.000000000D8AD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786033931.000000000D751000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware VMCI Bus Device
Source: mshta.exe, 00000002.00000003.1928894844.000000000C0DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.None0.7%20OnliP
Source: mshta.exe, 00000002.00000003.1847142567.000000000D757000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Virtualization Infrastructure Driver",
Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll18
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782940699.000000000D8AD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPEntityMicrosoft Hyper-V Virtualization Infrastructure Driver{4d36e97d-e325-11ce-bfc1-08002be10318}Win32_PnPEntityMicrosoft Hyper-V Virtualization Infrastructure DriverROOT\VID\0000System.String[]MicrosoftMicrosoft Hyper-V Virtualization Infrastructure DriverSystemROOT\VID\0000VidOKWin32_ComputerSystemuser-PC
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverDisk driveDISKDRIVESCSI\DiskVMware__Virtual_disk____2.0_SCSI\DiskSCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000{4d36e967-e325-11ce-bfc1-08002be10318}Bus Number 0, Target Id 0, LUN 0\Device\00000023(Standard disk drives)VMware Virtual disk SCSI Disk Devicedisk.infMicrosoft20060621000000.****+*Disk drive10.0.19041.1865Microsoft WindowsR
Source: mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: mshta.exe, 00000002.00000003.1865796994.000000000F670000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865950348.000000000D757000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Generation Counter",
Source: mshta.exe, 00000002.00000003.1931128371.000000000D6A3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 48-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1884433449.000000000F510000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884482283.000000000E649000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Generation Counter",
Source: mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <script type="application/json" class="data">{"type":"log","data":{"lvl":"debug","tags":["quickstart","wmi"],"namespace":"systemScanner:wmi:collected","message":"localdiagnostics data from WMI","params":{"task":"localdiagnostics","data":{"Computer":{"Summary":{"Computer":{"Manufacturer":"vmware","Model":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Computer Type":"x64-based PC","Operating System":"Microsoft Windows 10 Pro","Internet Explorer":"11.789.19041.0","Computer Name":"user-PC","User Name":"user-PC\\user","Logon Domain":"9T45V","Date / Time":"Wed Oct 04 2023 13:02:16 GMT+0200 (W. Europe Summer Time)"},"Temperature":{},"Motherboard":{"CPU Type":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, 2000 MHz, 4-core","Motherboard Name":"Base Board","System Memory":"4096 MB","BIOS Type":"EO1CO (2022.11.21)"},"Display":{"Video Adapter":["UT3DDWT9P (1024 MB)"],"Monitor":["Default Monitor Default Monitor"]},"Multimedia":{"Audio Adapter":[]},"Storage":{"IDE Controller":[null,"Intel(R) 82371AB/EB PCI Bus Master IDE Controller","ATA Channel 0","ATA Channel 1"],"Disk Drive":["TY2WBMYM SCSI Disk Device (SMART OK)"],"Optical Drive":[]},"Partitions":{"Partition":["C: (NTFS) 208.15 GB (18.59 GB free)"]},"Input":{"Keyboard":["Standard PS/2 Keyboard"],"Mouse":["USB Input Device","PS/2 Compatible Mouse","USB Input Device"]},"Network":{"Network Adapter":["Microsoft Kernel Debug Network Adapter","Intel(R) 82574L Gigabit Network Connection (MAC EC:F4:BB:EA:15:88)","WAN Miniport (SSTP)","WAN Miniport (IKEv2)","WAN Miniport (L2TP)","WAN Miniport (PPTP)","WAN Miniport (PPPOE)","WAN Miniport (IP) (MAC 5A:8C:20:52:41:53)","WAN Miniport (IPv6) (MAC 60:B7:20:52:41:53)","WAN Miniport (Network Monitor) (MAC 6A:3D:20:52:41:53)"]},"Peripherals":{"Printer":["OneNote","OneNote (Desktop)","Microsoft XPS Document Writer","Microsoft Print to PDF","Fax"],"USB Controller":[null],"Battery":[]},"DMI":{"DMI BIOS Vendor":"L56PU","DMI BIOS Version":"EO1CO","DMI System Manufacturer":"VMware, Inc.","DMI System Product":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","DMI System Version":"None","DMI System Serial Number":"YYP1F3","DMI System UUID":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","DMI Motherboard Manufacturer":"ER92CEX396","DMI Motherboard Product":"NBFTB4BSLY","DMI Motherboard Version":"None","DMI Motherboard Serial Number":"0434673422260797","DMI Chassis Manufacturer":"No Enclosure","DMI Chassis Version":"N/A","DMI Chassis Serial Number":"None","DMI Chassis Asset Tag":"No Asset Tag","DMI Chassis Type":"Other"}},"Power Management":{"Power Management Properties":{},"Battery Properties":{}}},"Operating System":{"Operating System":{"Operating System Properties":{"OS Name":"Microsoft Windows 10 Pro","OS Language":"en-GB","OS Kernel Type":"Multiprocessor Free (64-bit)","OS Version":"10.0.19045","OS Installation Date":"Tue Oct 03 2023 09:57:18 GMT+0200 (W. Europe Summer Time)","OS Root":"C:\\Windows"},"License Information":{"Registered Owner":"hardz","Product ID":"00330-71388-77104-AAOEM"},"Curren
Source: mshta.exe, 00000002.00000003.1884433449.000000000F510000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884482283.000000000E649000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Virtualization Infrastructure Driver",
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "manufacturer": "VMware, Inc.",
Source: drp.js.0.dr	Binary or memory string: if ([ /virtualbox/i, /vmware/i ].some(function(reg) {
Source: mshta.exe, 00000002.00000003.1886982602.000000000D897000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MI_00","HID\\VID_0E0F&PID_0003&MI_00&MI_00"]},{"deviceId":"ROOT\\VOLMGR\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VOLMGR"]}],"model":{"type":"Other","vendor":"VMware","name":"user-PC","info":{"computerSystem":{"Manufacturer":"dhRa25mUHcgXWd2","Model":"hN3D7p9L","Caption":"user-PC"},"computerSystemProduct":{"Vendor":"VMware, Inc.
Source: mshta.exe, 00000002.00000003.1782884403.000000000D8C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1865796994.000000000F670000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865950348.000000000D757000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Virtualization Infrastructure Driver",
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DiskVMware__Virtual_disk____2.0_
Source: mshta.exe, 00000002.00000003.1929376293.000000000E641000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1867117417.000000000D69F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tus":"OK","statusCode":0,"classGuid":"{4d36e972-e325-11ce-bfc1-08002be10318}","hardwareId":["SWD\\MSRRAS"]},{"deviceId":"PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00\\3&218E0F40&0&18","status":"OK","statusCode":0,"classGuid":"{4d36e96a-e325-11ce-bfc1-08002be10318}","hardwareId":["PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00"]},{"deviceId":"ROOT\\VDRVROOT\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VDRVROOT"]},{"deviceId":"ACPI\\ACPI0003\\1","status":"OK","statusCode":0,"classGuid":"{72631e54-78a4-11d0-bcf7-00aa00b7b32a}","hardwareId":["ACPI\\ACPI0003"]},{"deviceId":"SWD\\PRINTENUM\\{403E365F-43ED-4C49-9062-C8F014B3A645}","status":"OK","statusCode":0,"classGuid":"{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}","hardwareId":["SWD\\PRINTENUM"]},{"deviceId":"HID\\VID_0E0F&PID_0003&MI_00\\7&10DF666E&0&0000","status":"OK","statusCode":0,"classGuid":"{4d36e96f-e325-11ce-bfc1-08002be10318}","hardwareId":["HID\\VID_0E0F&PID_0003&MI_00","HID\\VID_0E0F&PID_0003&MI_00&MI_00"]},{"deviceId":"ROOT\\VOLMGR\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VOLMGR"]}],"model":{"type":"Other","vendor":"VMware","name":"user-PC","info":{"computerSystem":{"Manufacturer":"dhRa25mUHcgXWd2","Model":"hN3D7p9L","Caption":"user-PC"},"computerSystemProduct":{"Vendor":"VMware, Inc.","Name":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Version":"None"},"baseBoard":{"Product":"NBFTB4BSLY","Version":"None","Manufacturer":"ER92CEX396"}}},"windows":{"ver":"10.0","arch":"64","build":19045}
Source: mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.None^
Source: mshta.exe, 00000002.00000003.1901453716.000000000F1F3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\4&1656F219&0&000000"
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.None81228s

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Enables debug privileges

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Source: C:\Windows\SysWOW64\mshta.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: install_numarkidjliveii.exe PID: 6836, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\drp.js, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\nsn222C.tmp, type: DROPPED

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\cmd.exe

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log"	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4350.tmp" "c:\Users\user\AppData\Local\Temp\na2e5gjd\CSC2CD567E8E04445B29892BAFC155E45E.TMP"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe"

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c powershell -noninteractive -nologo -noprofile -executionpolicy bypass "get-content 'c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.cmd.txt' -wait \| invoke-expression" > "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stderr.log"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c "netsh advfirewall firewall add rule name="driverpack aria2c.exe" dir=in action=allow program="c:\users\user\appdata\local\temp\driverpack-2024041790000\tools\aria2c.exe" \|\| echo done & call echo done %^errorlevel% > "c:\users\user\appdata\roaming\drpsu\temp\run_command_59771.txt""
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c powershell -noninteractive -nologo -noprofile -executionpolicy bypass "get-content 'c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.cmd.txt' -wait \| invoke-expression" > "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stderr.log"	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c "netsh advfirewall firewall add rule name="driverpack aria2c.exe" dir=in action=allow program="c:\users\user\appdata\local\temp\driverpack-2024041790000\tools\aria2c.exe" \|\| echo done & call echo done %^errorlevel% > "c:\users\user\appdata\roaming\drpsu\temp\run_command_59771.txt""	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

0_2_0040435D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Modifies Internet Explorer zone settings

Source: C:\Windows\SysWOW64\mshta.exe

Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 1406

Jump to behavior

Modifies Internet Explorer zonemap settings

Source: C:\Windows\SysWOW64\reg.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update http			Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update https			Jump to behavior

Modifies the windows firewall

Source: C:\Windows\SysWOW64\mshta.exe

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"

AV process strings found (often used to terminate AV products)

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpywareProduct

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences			Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences			Jump to behavior

ID:	1427204
Product:	CloudBasic
Start time:	08:59:13
Start date:	17.04.2024
Sample:	install_numarkidjliveii.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	c82f01cd37f341209e6ac8c8848ec398
SHA1:	5fe0b58b02a3ea209ed4e9f7fca49b4ed775dc11
SHA256:	7919e9611d4b12ef001005e6af2b8f6c602aa3b4978b2a056e14bc41bd8fe024
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
install_numarkidjliveii.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report install_numarkidjliveii.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
install_numarkidjliveii.exe