Edit tour

Windows Analysis Report
install_numarkidjliveii.exe

Overview

General Information

Sample name:	install_numarkidjliveii.exe
Analysis ID:	1427204
MD5:	c82f01cd37f341209e6ac8c8848ec398
SHA1:	5fe0b58b02a3ea209ed4e9f7fca49b4ed775dc11
SHA256:	7919e9611d4b12ef001005e6af2b8f6c602aa3b4978b2a056e14bc41bd8fe024
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Powershell download and execute

Bypasses PowerShell execution policy

Creates HTA files

Modifies Internet Explorer zone settings

Modifies Internet Explorer zonemap settings

Modifies the windows firewall

Obfuscated command line found

Queries pointing device information (via WMI, Win32_PointingDevice, often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive battery information (via WMI, Win32_Battery, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive printer information (via WMI, Win32_Printer, often done to detect virtual machines)

Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sigma detected: Dot net compiler compiles file from suspicious location

Sigma detected: Legitimate Application Dropped Script

Sigma detected: Potential WinAPI Calls Via CommandLine

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious MSHTA Child Process

Sigma detected: Suspicious Script Execution From Temp Folder

Tries to harvest and steal browser information (history, passwords, etc)

Uses netsh to modify the Windows network and firewall settings

Writes or reads registry keys via WMI

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Compiles C# or VB.Net code

Contains functionality for read data from the clipboard

Contains functionality to shutdown / reboot the system

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates or modifies windows services

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for the Microsoft Outlook file path

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Dynamic .NET Compilation Via Csc.EXE

Sigma detected: IE Change Domain Zone

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

install_numarkidjliveii.exe (PID: 6836 cmdline: "C:\Users\user\Desktop\install_numarkidjliveii.exe" MD5: C82F01CD37F341209E6AC8C8848EC398)

reg.exe (PID: 7032 cmdline: C:\Windows\system32\reg.exe import "C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\patch.reg" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

conhost.exe (PID: 7096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mshta.exe (PID: 7084 cmdline: C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta MD5: 06B02D5C097C7DB1F109749C45F3F505)

cmd.exe (PID: 6904 cmdline: "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 4900 cmdline: powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

csc.exe (PID: 7264 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)

cvtres.exe (PID: 7280 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4350.tmp" "c:\Users\user\AppData\Local\Temp\na2e5gjd\CSC2CD567E8E04445B29892BAFC155E45E.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)

cmd.exe (PID: 7176 cmdline: "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7228 cmdline: netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

cmd.exe (PID: 7304 cmdline: "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7356 cmdline: netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

WmiPrvSE.exe (PID: 7496 cmdline: C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding MD5: 64ACA4F48771A5BA50CD50F2410632AD)

WmiPrvSE.exe (PID: 7540 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

rundll32.exe (PID: 7916 cmdline: rundll32 kernel32,Sleep MD5: 889B99C52A60DD49227C5E485A016679)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\drp.js	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\Users\user\AppData\Local\Temp\nsn222C.tmp	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: install_numarkidjliveii.exe PID: 6836	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security

Sigma Signatures

System Summary

Sigma detected: Legitimate Application Dropped Script

Source: File created

Author: frack113, Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\mshta.exe, ProcessId: 7084, TargetFilename: C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqigp.n326h.ps1

Sigma detected: Potential WinAPI Calls Via CommandLine

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: rundll32 kernel32,Sleep, CommandLine: rundll32 kernel32,Sleep, CommandLine|base64offset|contains: ], Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta, ParentImage: C:\Windows\SysWOW64\mshta.exe, ParentProcessId: 7084, ParentProcessName: mshta.exe, ProcessCommandLine: rundll32 kernel32,Sleep, ProcessId: 7916, ProcessName: rundll32.exe

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta, CommandLine: C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\mshta.exe, NewProcessName: C:\Windows\SysWOW64\mshta.exe, OriginalFileName: C:\Windows\SysWOW64\mshta.exe, ParentCommandLine: "C:\Users\user\Desktop\install_numarkidjliveii.exe", ParentImage: C:\Users\user\Desktop\install_numarkidjliveii.exe, ParentProcessId: 6836, ParentProcessName: install_numarkidjliveii.exe, ProcessCommandLine: C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta, ProcessId: 7084, ProcessName: mshta.exe

Sigma detected: Suspicious MSHTA Child Process

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log", CommandLine: "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta, ParentImage: C:\Windows\SysWOW64\mshta.exe, ParentProcessId: 7084, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log", ProcessId: 6904, ProcessName: cmd.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta, CommandLine: C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\mshta.exe, NewProcessName: C:\Windows\SysWOW64\mshta.exe, OriginalFileName: C:\Windows\SysWOW64\mshta.exe, ParentCommandLine: "C:\Users\user\Desktop\install_numarkidjliveii.exe", ParentImage: C:\Users\user\Desktop\install_numarkidjliveii.exe, ParentProcessId: 6836, ParentProcessName: install_numarkidjliveii.exe, ProcessCommandLine: C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta, ProcessId: 7084, ProcessName: mshta.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" , CommandLine: powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6904, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" , ProcessId: 4900, ProcessName: powershell.exe

Sigma detected: Dynamic .NET Compilation Via Csc.EXE

Source: Process started

Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" , ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 4900, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline", ProcessId: 7264, ProcessName: csc.exe

Sigma detected: IE Change Domain Zone

Source: Registry Key set

Author: frack113: Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 7032, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update\http

Sigma detected: Dynamic CSharp Compile Artefact

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 4900, TargetFilename: C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline

Sigma detected: Modification of IE Registry Settings

Source: Registry Key set

Author: frack113: Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 7032, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" , CommandLine: powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6904, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" , ProcessId: 4900, ProcessName: powershell.exe

Data Obfuscation

Sigma detected: Dot net compiler compiles file from suspicious location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression" , ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 4900, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline", ProcessId: 7264, ProcessName: csc.exe

Snort Signatures

ET MALWARE DriverPack Domain in DNS Query - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	04/17/24-09:00:08.694358
SID:	2032357
Source Port:	52257
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

ET MALWARE Observed DNS Query to DriverPack Domain ( .drp .su) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	04/17/24-09:00:11.245673
SID:	2037895
Source Port:	51224
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE DriverPack Domain in DNS Query - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	04/17/24-09:00:11.245673
SID:	2032357
Source Port:	51224
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

ET MALWARE Observed DNS Query to DriverPack Domain ( .drp .su) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	04/17/24-09:00:08.694358
SID:	2037895
Source Port:	52257
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: install_numarkidjliveii.exe	ReversingLabs: Detection: 32%
Source: install_numarkidjliveii.exe	Virustotal: Detection: 43%			Perma Link

Source: install_numarkidjliveii.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: unknown	HTTPS traffic detected: 172.67.209.192:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.88.21.119:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49756 version: TLS 1.2

Source:	Binary string: $^q7C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.pdb source: powershell.exe, 00000007.00000002.4091887623.0000000005472000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040810F FindFirstFileA,FindClose,	0_2_0040810F
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408592 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00408592
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00403411 FindFirstFileA,	0_2_00403411

Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2037895 ET MALWARE Observed DNS Query to DriverPack Domain ( .drp .su) 192.168.2.4:52257 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2032357 ET MALWARE DriverPack Domain in DNS Query 192.168.2.4:52257 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2037895 ET MALWARE Observed DNS Query to DriverPack Domain ( .drp .su) 192.168.2.4:51224 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2032357 ET MALWARE DriverPack Domain in DNS Query 192.168.2.4:51224 -> 1.1.1.1:53

Source: Joe Sandbox View	IP Address: 87.117.235.115 87.117.235.115
Source: Joe Sandbox View	IP Address: 77.88.21.119 77.88.21.119
Source: Joe Sandbox View	IP Address: 87.250.250.119 87.250.250.119
Source: Joe Sandbox View	IP Address: 37.9.8.75 37.9.8.75
Source: Joe Sandbox View	IP Address: 37.9.8.75 37.9.8.75

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: allfont.ru
Source: global traffic	HTTP traffic detected: GET /metrika/watch.js HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A897563375%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A678962730%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A612501295%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10342.GydfnN1hdXfzFQMQDc44Q9HEARHRitoT-zHbErZ1LfApOqGOx2dpAKEBlffDSP0X.FDbPLjp3CwmBnIrB84hgd_gqR4I%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212
Source: global traffic	HTTP traffic detected: GET /metrika/advert.gif HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide?token=10342.tdBwSBrsNdvzPCrH6BGIj42E8vl3u_E2ne27H2mhs72L_uu8aciMa61tJdTByjYa-tbhOlaiiH39pT7baN8uNFtHdS_OHUdCxokWI3ADXqSYlkJAoI11U2LG9IAAVMfj9hF4GTnDeZ3JeM0yaGM1yQij2zuY2nROj8Azk-nstTQTYGsNVujtqpADUt3taDrdRm6EVyuFO_c4AYpbuahbEDArxuzadVBhxNsww2eyQSA%2C.ol5KyN6CWxJartpTnqUpSoDvL58%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-1-ui-1)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/46420341?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-2-ui-2)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/33423178?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-1-ui-1%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2595979941713337225; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=/SZrgNStdKMhZ8vyo2shk0RJcsq6ZXOxCbkj+zxmRO4aLAVN+JWX77m5VM/qN11pKg+5ZBPiPvYTHAFII2UziHGmqGg=; yandexuid=4952632461713337225; yashr=917947241713337224; ymex=1744873225.yrts.1713337225#1744873225.yrtsi.1713337225
Source: global traffic	HTTP traffic detected: GET /watch/46420341/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-2-ui-2%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2434634081713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=+IKtjNesybxvl+KvCxQbpd594Of1UCAUMsF5bRvRt7L5HaUVbVp6ap2riCF7HQ4cuSMi2njyKTb2cT6IzHLNOTb52Yk=; yandexuid=1099871741713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A586458861%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A308329436%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A465185448%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check_secondary HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: POST /watch/30541482/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&charset=utf-8&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pa%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A214461765%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Ads%3A0%2C0%2C1%2C0%2C6%2C0%2C%2C2401%2C0%2C2443%2C2443%2C0%2C2409%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(1)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Content-Type: application/x-www-form-urlencodedAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comContent-Length: 77Connection: Keep-AliveCache-Control: no-cacheCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A773616488%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10342.B9GRQGs8pmFo4Lpumi1YsPekH6Wn-dIjJLwvGPbbQ1eJKLj_bAn82ZnOl54KYAAI.1xRHuRcvWLbyzFhxh9nui86ekQk%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212; sync_cookie_csrf=1872351521fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A282648834%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A980287809%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A412757713%3Ax%3A32101%3Ay%3A0%3At%3A124%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide_secondary?token=10342.8DQ7Eax45To7u64iM9xyxJV_sEskpVw_Hpk4uo3tqJKOVdNBO6L_-tc6xT04jXckQ8lLcif2_DSC3Sw-toGMsh67nskZysqcZOpgF4RnVAgNeKIu5y9DlJ6-z9iv_roF8gjucku2g4RFJ7hyUOrJXFiXyUlBSCQcZqtGo36vrSLsURhlsIR5761apRMdg9AUqPLU-n4ozlwdiKET0oy_BpNCzUke6y4-1_CIgybW1eg%2C.5uR-FSAzPgVA1_iGgbSCUE-hCcU%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A450156105%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A195840207%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A257828719%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A258617496%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A388750787%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A934793483%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A107870281%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1039018753%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A838339832%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A789989460%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A221157092%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A720320934%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: POST /watch/33423178/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&charset=utf-8&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pa%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A755637487%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Ads%3A0%2C0%2C1%2C0%2C6%2C0%2C%2C2401%2C0%2C2443%2C2443%2C0%2C2409%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(1)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Content-Type: application/x-www-form-urlencodedAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comContent-Length: 77Connection: Keep-AliveCache-Control: no-cacheCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A1022775656%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A419309610%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A943119066%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A969684426%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A723322787%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A111877172%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A265724439%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A556610360%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A286026980%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A653810575%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: POST /watch/46420341/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&charset=utf-8&ut=noindex&uah=che%0A0&hittoken=1713337228_91dc45f5f1244bfe734fb20d795a95f26039603f3620d6e46615bf54ddecb2dd&browser-info=pa%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A968100679%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Ads%3A0%2C0%2C1%2C0%2C6%2C0%2C%2C2401%2C0%2C2443%2C2443%2C0%2C2409%3Aco%3A0%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(1)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Content-Type: application/x-www-form-urlencodedAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comContent-Length: 77Connection: Keep-AliveCache-Control: no-cacheCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A738440973%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A531994509%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522654328%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A199610596%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A952683707%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1051383922%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A55722148%3Ax%3A32153%3Ay%3A0%3At%3A409%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A97942981%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A848560597%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A375635206%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A986971658%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A266246763%3Ax%3A32101%3Ay%3A0%3At%3A463%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021695890%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A505792363%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A135342147%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A960259864%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A782495120%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A581394745%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A315552122%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1000405654%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A730110411%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A957482948%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A662108354%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A401714213%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1055556027%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A602837488%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1066264284%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A454302231%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002354999%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A909468003%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761297770%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A748021066%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A964748906%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A16650997%3Ax%3A32101%3Ay%3A0%3At%3A919%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002945535%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A293368331%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A280109737%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A751307617%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A147919798%3Ax%3A32101%3Ay%3A0%3At%3A975%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A133735897%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A608498649%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A473289209%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A271187365%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859497283%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A836304924%3Ax%3A32153%3Ay%3A0%3At%3A1097%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054368760%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A539433115%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021854622%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A805199689%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859327609%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A330914073%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A340299571%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A825498394%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A732461021%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A166627184%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A984388053%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054540317%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A123813360%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A688033795%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A520487442%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A361877600%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A481267253%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A762298943%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A96632639%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A595747434%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A854761415%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A767535879%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1005898635%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A421332578%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A278268286%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A437535754%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A888624274%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A780451455%3Ax%3A32153%3Ay%3A0%3At%3A1675%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A211895753%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A281818874%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A759531647%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A988071375%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A534436396%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A482164787%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A360824213%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A392962516%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A663925208%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A461435439%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A229434377%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A953081350%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A978993371%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A943650839%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A705320347%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A913191786%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A33142640%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A771977770%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A656454067%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522215435%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A843582498%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A657646641%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A649697059%3Ax%3A32153%3Ay%3A0%3At%3A2083%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A894681420%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A415632174%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A587143957%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393003063%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393235588%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761234334%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: allfont.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api/session HTTP/1.1Accept: /Content-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: auth.drp.suContent-Length: 2Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 0x-drp-client-time: 2024-04-17T07:00:10.375ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 192Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/soft/?callback HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: update.drp.su
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 1x-drp-client-time: 2024-04-17T07:00:10.377ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 191Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 3x-drp-client-time: 2024-04-17T07:00:10.380ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 132Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 2x-drp-client-time: 2024-04-17T07:00:10.379ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 191Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 4x-drp-client-time: 2024-04-17T07:00:10.382ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 177Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 5x-drp-client-time: 2024-04-17T07:00:10.383ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 110Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 6x-drp-client-time: 2024-04-17T07:00:10.385ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 90Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 7x-drp-client-time: 2024-04-17T07:00:10.444ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 137Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 8x-drp-client-time: 2024-04-17T07:00:10.446ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 113Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 9x-drp-client-time: 2024-04-17T07:00:11.730ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 502Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 10x-drp-client-time: 2024-04-17T07:00:13.934ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 99Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 11x-drp-client-time: 2024-04-17T07:00:13.964ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1284Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 12x-drp-client-time: 2024-04-17T07:00:14.086ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1282Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 13x-drp-client-time: 2024-04-17T07:00:19.866ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 97Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/select HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 14x-drp-client-time: 2024-04-17T07:00:19.867ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 16467Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/user-choice/driver/retrieve HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 15x-drp-client-time: 2024-04-17T07:00:19.870ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 2Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 16x-drp-client-time: 2024-04-17T07:00:21.061ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 140Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 17x-drp-client-time: 2024-04-17T07:00:23.122ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 229Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 18x-drp-client-time: 2024-04-17T07:00:23.123ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 122Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 19x-drp-client-time: 2024-04-17T07:00:23.138ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 873Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 20x-drp-client-time: 2024-04-17T07:00:23.169ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 32741Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 22x-drp-client-time: 2024-04-17T07:00:25.109ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 97Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 23x-drp-client-time: 2024-04-17T07:00:25.113ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 155Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/cleaner HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 24x-drp-client-time: 2024-04-17T07:00:25.114ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 2597Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 25x-drp-client-time: 2024-04-17T07:00:27.847ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 130Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 26x-drp-client-time: 2024-04-17T07:00:27.881ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1282Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 27x-drp-client-time: 2024-04-17T07:00:27.919ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 176Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 28x-drp-client-time: 2024-04-17T07:00:28.246ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 186Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 29x-drp-client-time: 2024-04-17T07:00:28.255ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1358Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 30x-drp-client-time: 2024-04-17T07:00:28.260ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 147Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 31x-drp-client-time: 2024-04-17T07:00:28.270ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 165Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/events HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 32x-drp-client-time: 2024-04-17T07:00:28.277ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 153Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/logs HTTP/1.1Accept: /x-api-version: 1.1x-drp-client-id: 589230014.4837132694x-drp-computer-id: 206505393.0266497710x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6x-drp-application: driverpack onlinex-drp-version: 17.10.7 Onlinex-drp-experiment: (not set)x-drp-index: 33x-drp-client-time: 2024-04-17T07:00:28.279ZContent-Type: application/jsonAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suContent-Length: 1300Connection: Keep-AliveCache-Control: no-cache

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: allfont.ru
Source: global traffic	HTTP traffic detected: GET /metrika/watch.js HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A897563375%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A678962730%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A612501295%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10342.GydfnN1hdXfzFQMQDc44Q9HEARHRitoT-zHbErZ1LfApOqGOx2dpAKEBlffDSP0X.FDbPLjp3CwmBnIrB84hgd_gqR4I%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212
Source: global traffic	HTTP traffic detected: GET /metrika/advert.gif HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide?token=10342.tdBwSBrsNdvzPCrH6BGIj42E8vl3u_E2ne27H2mhs72L_uu8aciMa61tJdTByjYa-tbhOlaiiH39pT7baN8uNFtHdS_OHUdCxokWI3ADXqSYlkJAoI11U2LG9IAAVMfj9hF4GTnDeZ3JeM0yaGM1yQij2zuY2nROj8Azk-nstTQTYGsNVujtqpADUt3taDrdRm6EVyuFO_c4AYpbuahbEDArxuzadVBhxNsww2eyQSA%2C.ol5KyN6CWxJartpTnqUpSoDvL58%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-1-ui-1)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/46420341?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-2-ui-2)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/33423178?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-1-ui-1%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2595979941713337225; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=/SZrgNStdKMhZ8vyo2shk0RJcsq6ZXOxCbkj+zxmRO4aLAVN+JWX77m5VM/qN11pKg+5ZBPiPvYTHAFII2UziHGmqGg=; yandexuid=4952632461713337225; yashr=917947241713337224; ymex=1744873225.yrts.1713337225#1744873225.yrtsi.1713337225
Source: global traffic	HTTP traffic detected: GET /watch/46420341/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A3%3Adp%3A0%3Als%3A333704366122%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A217079982%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-2-ui-2%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=2434634081713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=+IKtjNesybxvl+KvCxQbpd594Of1UCAUMsF5bRvRt7L5HaUVbVp6ap2riCF7HQ4cuSMi2njyKTb2cT6IzHLNOTb52Yk=; yandexuid=1099871741713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090020%3Aet%3A1713337221%3Ac%3A1%3Arn%3A643314461%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A586458861%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A308329436%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A465185448%3Ax%3A32153%3Ay%3A0%3At%3A92%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337230&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check_secondary HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A773616488%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10342.B9GRQGs8pmFo4Lpumi1YsPekH6Wn-dIjJLwvGPbbQ1eJKLj_bAn82ZnOl54KYAAI.1xRHuRcvWLbyzFhxh9nui86ekQk%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.ruCookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212; sync_cookie_csrf=1872351521fake
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A282648834%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A980287809%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A412757713%3Ax%3A32101%3Ay%3A0%3At%3A124%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide_secondary?token=10342.8DQ7Eax45To7u64iM9xyxJV_sEskpVw_Hpk4uo3tqJKOVdNBO6L_-tc6xT04jXckQ8lLcif2_DSC3Sw-toGMsh67nskZysqcZOpgF4RnVAgNeKIu5y9DlJ6-z9iv_roF8gjucku2g4RFJ7hyUOrJXFiXyUlBSCQcZqtGo36vrSLsURhlsIR5761apRMdg9AUqPLU-n4ozlwdiKET0oy_BpNCzUke6y4-1_CIgybW1eg%2C.5uR-FSAzPgVA1_iGgbSCUE-hCcU%2C HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: mc.yandex.comCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A450156105%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A195840207%3Ax%3A32101%3Ay%3A0%3At%3A123%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337233&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A257828719%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A258617496%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A388750787%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A934793483%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A107870281%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1039018753%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A838339832%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A789989460%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A221157092%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A720320934%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A2%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A1022775656%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(2)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapplication_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22problemDevices%22%3A0%2C%22errorDevices%22%3A0%2C%22errorDevicesApiFailed%22%3A0%2C%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A419309610%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(3)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fapi_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A943119066%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(4)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fprotect_api_response_received%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A969684426%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(5)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fextensions_yandexnotdetected_on_collect%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A723322787%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(6)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A111877172%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A265724439%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A556610360%3Ax%3A32153%3Ay%3A0%3At%3A237%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337245&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fsystem_scanned%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A286026980%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(7)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /watch/33423178?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fgdpr_popup_showed%2F17.10.7_online&page-ref=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fstartpage_screen_opened%2F17.10.7_online&charset=utf-8&site-info=%7B%22clientId%22%3A%22589230014.4837132694%22%2C%22computerId%22%3A%22206505393.0266497710%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&uah=che%0A0&hittoken=1713337229_7ce70585ba67e25a796a6eb514ec9ed0177ff868b79b53af933c8849142cd313&browser-info=pv%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A1%3Adp%3A0%3Als%3A491939588376%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A653810575%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(8)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A738440973%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A531994509%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522654328%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A199610596%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A952683707%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1051383922%3Ax%3A32101%3Ay%3A0%3At%3A350%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337256&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A55722148%3Ax%3A32153%3Ay%3A0%3At%3A409%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A97942981%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A848560597%3Ax%3A32153%3Ay%3A0%3At%3A408%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A375635206%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A986971658%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A266246763%3Ax%3A32101%3Ay%3A0%3At%3A463%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021695890%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A505792363%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A135342147%3Ax%3A32153%3Ay%3A0%3At%3A519%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337273&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A960259864%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A782495120%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A581394745%3Ax%3A32101%3Ay%3A0%3At%3A575%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337279&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A315552122%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1000405654%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A730110411%3Ax%3A32153%3Ay%3A0%3At%3A633%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337284&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A957482948%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A662108354%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A401714213%3Ax%3A32101%3Ay%3A0%3At%3A691%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337290&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1055556027%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A602837488%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1066264284%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A454302231%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002354999%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A909468003%3Ax%3A32101%3Ay%3A0%3At%3A805%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337302&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761297770%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A748021066%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A964748906%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A16650997%3Ax%3A32101%3Ay%3A0%3At%3A919%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002945535%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A293368331%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A280109737%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A751307617%3Ax%3A32101%3Ay%3A0%3At%3A976%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A147919798%3Ax%3A32101%3Ay%3A0%3At%3A975%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337319&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A133735897%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A608498649%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A473289209%3Ax%3A32101%3Ay%3A0%3At%3A1035%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337325&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A271187365%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859497283%3Ax%3A32153%3Ay%3A0%3At%3A1098%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A836304924%3Ax%3A32153%3Ay%3A0%3At%3A1097%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337331&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054368760%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A539433115%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1021854622%3Ax%3A32101%3Ay%3A0%3At%3A1155%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337337&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A805199689%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A859327609%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A330914073%3Ax%3A32101%3Ay%3A0%3At%3A1214%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337342&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A340299571%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A825498394%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A732461021%3Ax%3A32153%3Ay%3A0%3At%3A1273%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337348&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A166627184%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A984388053%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1054540317%3Ax%3A32153%3Ay%3A0%3At%3A1331%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337354&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A123813360%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A688033795%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A520487442%3Ax%3A32153%3Ay%3A0%3At%3A1389%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337360&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A361877600%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A481267253%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A762298943%3Ax%3A32101%3Ay%3A0%3At%3A1445%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337366&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A96632639%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A595747434%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A854761415%3Ax%3A32153%3Ay%3A0%3At%3A1501%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337371&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A767535879%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1005898635%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A421332578%3Ax%3A32153%3Ay%3A0%3At%3A1559%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337377&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A278268286%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A437535754%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A888624274%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A780451455%3Ax%3A32153%3Ay%3A0%3At%3A1675%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A211895753%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A281818874%3Ax%3A32153%3Ay%3A0%3At%3A1674%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337389&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A759531647%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A988071375%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A534436396%3Ax%3A32101%3Ay%3A0%3At%3A1731%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337394&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A482164787%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A360824213%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A392962516%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A663925208%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A461435439%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A229434377%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A953081350%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A978993371%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A943650839%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A705320347%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A913191786%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A33142640%3Ax%3A32101%3Ay%3A0%3At%3A1961%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337417&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A771977770%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A656454067%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A522215435%3Ax%3A32153%3Ay%3A0%3At%3A2025%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337424&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A843582498%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A657646641%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A649697059%3Ax%3A32153%3Ay%3A0%3At%3A2083%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A894681420%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A415632174%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A587143957%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393003063%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A393235588%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761234334%3Ax%3A32101%3Ay%3A0%3At%3A2199%3Ap%3AA2AA%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337441&t=gdpr(14)ti(4) HTTP/1.1Accept: /*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comConnection: Keep-AliveCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; sync_cookie_csrf_secondary=1978639189fake; sync_cookie_ok_secondary=synced; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=917947241713337224; ymex=1715929237.oyu.7386383941713337226#1744873226.yrts.1713337226#1744873226.yrtsi.1713337226; yp=1713423637.yu.7386383941713337226
Source: global traffic	HTTP traffic detected: GET /allfont.css?fonts=lucida-console HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: allfont.ruConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: update.drp.suConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v2/soft/?callback HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: update.drp.su

Source: unknown

DNS traffic detected: queries for: allfont.ru

Source: unknown

HTTP traffic detected: POST /watch/30541482/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&charset=utf-8&ut=noindex&uah=che%0A0&hittoken=1713337227_c897ee0159f8d6421f5d0aef106cee121e915109bed542b398b23ce58823598e&browser-info=pa%3A1%3Aar%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090030%3Aet%3A1713337230%3Ac%3A1%3Arn%3A214461765%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Apri%3A1%3Ads%3A0%2C0%2C1%2C0%2C6%2C0%2C%2C2401%2C0%2C2443%2C2443%2C0%2C2409%3Aco%3A0%3Aeu%3A1%3Ans%3A1713337205210%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1713337232&t=gdpr(14)mc(p-3-ui-3-h-14)clc(15-628-0)rqnt(1)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.comContent-Length: 77Connection: Keep-AliveCache-Control: no-cacheCookie: sync_cookie_csrf=1371361366fake; sync_cookie_ok=synced; yabs-sid=1096585781713337226; _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; i=wJA/wFfidV0JSzIIabIb/mioelO4UaJUu2GdpeH2GKoy4K7LplcUDUaQFOURZdWK2LCQwrAKOwxxHTn12WuZuCdQARU=; yandexuid=7386383941713337226; yashr=917947241713337224; ymex=1744873226.yrts.1713337226#1744873226.yrtsi.1713337226

Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1685787481.0000000008E20000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008E20000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686824877.0000000008E20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/
Source: mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console
Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console&
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console);.header
Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-console4
Source: mshta.exe, 00000002.00000003.1686824877.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1685787481.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://allfont.ru/allfont.css?fonts=lucida-consolei
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auth.drp.su
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auth.drp.su/api/session
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auth.drp.su/api/session6F
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://community.drp.su/topic/8266/how-to-remove-driverpack
Source: install_numarkidjliveii.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: install_numarkidjliveii.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: install_numarkidjliveii.exe	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: mshta.exe, 00000002.00000003.1761250279.000000000D67A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driv
Source: mshta.exe, 00000002.00000003.1760628329.000000000D67F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360ts.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360tsNew.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360tsOld.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/360tsOld.execonfirmPopup.descriptionconfirmPopup.description.enconfirmP
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/7-Zip.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/7-Zip.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/AIMP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/AIMP.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Backupper.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Backupper.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Chrone.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Chrone.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DirectX.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DirectX.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DotNet.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DotNet.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/DotNetXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FSImage.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FSImage.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Firefox.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FirefoxEn.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FirefoxEn.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FirefoxRu.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FlashPlayer.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FlashPlayer.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FoxitReader.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FoxitReader.exe7
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/FoxitReader.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/K-Lite.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/K-Lite.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/K-LiteXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle_win7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera64cis_woGoogle_win7.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle.exeDescription.enDescription.ru4
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle_win7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Opera86cis_woGoogle_win7.exeDescription.enDescription.rud
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink64.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink64_win7.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink_win7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaBlink_win7.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/OperaXP.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/PotPlayer.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/PotPlayer.exeH
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/PotPlayer.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/RuntimePack.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/RuntimePack.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SearcherBar.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SearcherBar.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Skype.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SkypeNew.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/SkypeXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/TeamViewer.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/TeamViewer.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/VisualCplus.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/VisualCplus.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRAR.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Br.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Br.exeDescription.enDescription.ruPTU
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Eng.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Rus.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/WinRARx86Rus.exeDescription.enDescription.rudaU
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/Yandex.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/ab/4/Internet-Start.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/ab/downloader_browser.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/internet_start.png
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/uTorrent.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/soft/uTorrent.png
Source: mshta.exe, 00000002.00000003.1763142428.000000000D690000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761124279.000000000D68A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760628329.000000000D67F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus10.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus10.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus7.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus7.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus8.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus8.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus81.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Asus81.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/AsusXP.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell10.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell10.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell7.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell81.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/Dell81.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/DriverPack-Alice.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/FujitsuNT.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/HPNT.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/MSI64.exe
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/MSI64.exeDescription.enDescription.ru
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/MSI86.exe
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/ToshibaNT.exe
Source: mshta.exe, 00000002.00000003.1786062031.000000000D713000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/V
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.driverpack.io/tools/VizioNT.exe
Source: drp.js.0.dr	String found in binary or memory: http://dl.drp.su
Source: mshta.exe, 00000002.00000003.1905187770.000000000F2AF000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1904906240.000000000F2A6000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1905056715.000000000F2A7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/driverpacks/repack/MassStorage/LSI/FORCED/5x64/SAS_1.34.03/LSI-FORCED-5x64-SAS_1.34
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/360ts.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/360tsNew.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/7-Zip.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/7-Zip.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AIMP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AIMP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AvastAntivirus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AvastAntivirusA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/AvastAntivirusWorldwideA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Backupper.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Backupper.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Chrone.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Chrone.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DirectX.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DirectX.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DotNet.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DotNet.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DotNetXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DriverPack-Cloud-New.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/DriverPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FSImage.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FSImage.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox64en.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox64ru.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox86en.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Firefox86ru.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FlashPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/FlashPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/K-Lite.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/K-Lite.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Opera.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Opera64cis_woGoogle.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Opera86cis_woGoogle.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaBlink.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaBlink64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/OperaXP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PDFViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PDFViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PotPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/PotPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/RuntimePack.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/RuntimePack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Skype.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Skype.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/SkypeXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/TeamViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/TeamViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/VisualCplus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/VisualCplus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRAR.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRARx86Br.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRARx86Eng.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/WinRARx86Rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/Yandex.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/YandexLiteUSA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/YandexPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/internet_start.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/empty.cmd
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/wcry_patch_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/wcry_smb_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows7-kb4012212-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows7-kb4012212-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8.1-kb4012213-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windows8.1-kb4012213-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windowsxp-kb4012598-x86-custom-enu.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/system/windowsxp-kb4012598-x86-custom-rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/uTorrent.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/soft/uTorrent.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus8.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Asus81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/AsusXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Dell10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Dell7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/Dell81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/FujitsuNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/HPNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/MSIx64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/MSIx86.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/ToshibaNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/tools/VizioNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://dl.drp.su/updates/beetle
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/updates/ya-downloader/downloader_browser.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.drp.su/updates/ya-downloader/downloader_elements.exe
Source: drp.js.0.dr	String found in binary or memory: http://download.driverpacks.net
Source: drp.js.0.dr	String found in binary or memory: http://download.drp.su
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/17-online/DriverPack-17-Online.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/1074CBD200BFFA29C675BCCDD3D57800.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/137B107B11BC904FCCEFE14AB625FA7F.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/1C4C655B028F246E77B97465CDE78B02.png
Source: mshta.exe, 00000002.00000003.1924070113.000000000D72A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/2601EE98B41E8800E63FAF547D46059E.png
Source: mshta.exe, 00000002.00000003.1924070113.000000000D72A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/298FA6E90D6DAE33BBEBE4ABD99307FF.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/4157251F9FB77BBB33508F8AE6F93E4D.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/44E73F3C92E551742A13ED5FE352DE77.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/456022F12008313E6B7E1412FFE3FE1B.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/91EC006ED46884324AEE90DF1D331644.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/986ADC545FA5BFDD736DBF5AFB90D384.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/A7E0E51E2D06CBE71986E6E5100E7151.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/D1618DE8AA6B69CB87DD29DCF0EAF769.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/E38CFFEAD913423A620C3914CEF36C7C.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/F803D99FCBEE0DAEEDDF626262584917.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/FEF2BD7EC16BC959302A18A342650D53.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/winrar.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/clean-icons/yandex_browser_manager.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Chipset/Intel/WinAll/Chipset/9.3.2.1020_NEW/Intel-WinAll-C
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/Allx86/10.1.0.1008_rst/Intel-FORC
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/Allx86/11.2.0.1006_TWEAK/Intel-FO
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/Allx86/8.9.8.1005_TWEAK/Intel-FOR
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/MassStorage/Intel/FORCED/NTx86/12.8.6.1000_TWEAK/Intel-FOR
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/Asus_6.10.6233.224/IDT-AllNTx64x
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/ECS_6.10.6207.2/IDT-AllNTx64x86-
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/HP_6.10.6233.266/IDT-AllNTx64x86
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/Lenovo_6.10.6233/IDT-AllNTx64x86
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/7-Zip.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/7-Zip.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AIMP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AIMP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AvastAntivirus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AvastAntivirusA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/AvastAntivirusWorldwideA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Backupper.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Backupper.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DirectX.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DirectX.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DotNet.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DotNet.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DotNetXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack-Cloud-New.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack-Cloud.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack-Notifier.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/DriverPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FSImage.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FSImage.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Firefox.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Firefox.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FlashPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/FlashPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/K-Lite.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/K-Lite.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Opera.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaBlink.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaBlink64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/OperaXP.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PDFViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PDFViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PotPlayer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/PotPlayer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/RuntimePack.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/RuntimePack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Skype.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Skype.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/SkypeXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/TeamViewer.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/TeamViewer.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/VisualCplus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/VisualCplus.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRAR.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRARx86Br.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRARx86Eng.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/WinRARx86Rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/Yandex.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/YandexLiteUSA.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/YandexPack.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/empty.cmd
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/wcry_patch_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/wcry_smb_icon.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows7-kb4012212-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows7-kb4012212-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x64-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-enu.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8-rt-kb4012598-x86-custom-rus.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8.1-kb4012213-x64.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windows8.1-kb4012213-x86.msu
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windowsxp-kb4012598-x86-custom-enu.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/system/windowsxp-kb4012598-x86-custom-rus.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/uTorrent.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/soft/uTorrent.png
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/stable/DriverPack-Online-lts-17-6-12.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus8.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Asus81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/AsusXP.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Dell10.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Dell7.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/Dell81.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/FujitsuNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/HPNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/MSIx64.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/MSIx86.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/ToshibaNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/tools/VizioNT.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/updates/ya-downloader/downloader_browser.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/updates/ya-downloader/downloader_browser_tr.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.drp.su/updates/ya-downloader/downloader_elements.exe
Source: install_numarkidjliveii.exe, install_numarkidjliveii.exe, 00000000.00000002.1683416761.0000000000412000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://downloader.yandex.net/yandex-pack/do
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://downloader.yandex.net/yandex-pack/downloader/info.rssDownloading
Source: mshta.exe, 00000002.00000003.1825092473.000000000C035000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847444165.000000000C07F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1854528256.000000000C07F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1905610057.000000000F161000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://drp.su/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://drp.su/error/noscript/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://fb.me/react-devtools
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://fb.me/react-warning-keys
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://fb.me/react-warning-polyfills
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/1wAmHx
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/4Y4pDk
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/6Vqhm0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/8FZo5V
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/916lJJ
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/9ITlV0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/DT1qyG
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/EC22Yn
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/KsIlge
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/LhFpo0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/OsFKC8
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/hPuiwB
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/hc1DLj
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/iWrZbw
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/m3OTXk
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/o84o68
Source: drp.js.0.dr	String found in binary or memory: http://goo.gl/s8MMhc
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://goo.gl/sdkXL9
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://new.internet-start.net/?q=
Source: install_numarkidjliveii.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: install_numarkidjliveii.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ocsp.thawte.com0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://online.drp.su/
Source: mshta.exe, 00000002.00000003.1901453716.000000000F1F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://online.drp.su/driverpack_online/api_response_received/17.10.7_online
Source: mshta.exe, 00000002.00000003.1931970995.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://online.drp.su/driverpack_online/gdpr_popup_showed/17.10.7_online
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4095931400.00000000073C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000007.00000002.4091887623.0000000004EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://static.drp.su/update/logs/script.js
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://static.drp.su/update/logs/style.css
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: install_numarkidjliveii.exe	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su
Source: mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/
Source: mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/;YU
Source: mshta.exe, 00000002.00000003.1851479660.000000000D5B4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889545060.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890604360.000000000D5B0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887394083.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932103729.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5B4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890448098.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925479515.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930453589.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/C
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/U
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1892936292.000000000D573000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890448098.000000000D5AC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1931128371.000000000D6A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleaner
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanerK
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanerMX
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleaner_
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleaneraX;
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanertVersion
Source: mshta.exe, 00000002.00000003.1887394083.000000000D573000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D573000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1892936292.000000000D573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/cleanery
Source: mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su/api/events
Source: mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events)
Source: mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events);
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/kSolution.html
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932746227.000000000D90A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/kSolution.html0
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932746227.000000000D90A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/kSolution.html0s_other.0
Source: mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/events:
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsA8050
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsO
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsOD
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsQ
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsXO
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsce
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsd
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventsocal/Temp/DriverPack-2024041790000/css/proximanova.css
Source: mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/eventssoft
Source: mshta.exe, 00000002.00000003.1886982602.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su/api/logs
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs0
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs2A&
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs5
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs6O
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1885957062.000000000D798000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887008788.000000000D798000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888539563.000000000D79F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D78E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs7
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs9:
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs;
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1821703159.000000000D865000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786451967.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1827307424.000000000D891000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822081284.000000000D88A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782976194.000000000D888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsE0.
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsFA
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsG
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787776238.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsJ
Source: mshta.exe, 00000002.00000003.1925941669.000000000BF8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsMA
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsRO
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsS
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsT
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsX
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsY
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1821703159.000000000D865000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786451967.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1827307424.000000000D891000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822081284.000000000D88A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782976194.000000000D888000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsYi
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs_
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsa
Source: mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logscO
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsh
Source: mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsq
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsr
Source: mshta.exe, 00000002.00000003.1821703159.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825764669.000000000D8E5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1824560475.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825992676.000000000D8F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782884403.000000000D8C9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logss
Source: mshta.exe, 00000002.00000003.1762525323.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853844743.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847347746.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855292346.000000000C0DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822464872.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1852212758.000000000C0D8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1849235655.000000000C0D7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787124168.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825092473.000000000C0DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsv
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logsw
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1821703159.000000000D865000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786451967.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1827307424.000000000D891000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822081284.000000000D88A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886838189.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782976194.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886982602.000000000D897000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logswY
Source: mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/logs~
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848324923.000000000E7F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/select
Source: mshta.exe, 00000002.00000003.1848324923.000000000E7F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/select?M
Source: mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/selectL
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/selectO
Source: mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/selectz
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve.(
Source: mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve0
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieve?(
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieveG(
Source: mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrieveH
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/api/user-choice/driver/retrievea
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://update.drp.su/firebug/firebug-lite-debug.js
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/h
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/q
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/v2/
Source: mshta.exe, 00000002.00000003.1853844743.000000000C0A8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su/v2/soft/?callback
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.su:80/v2/soft/?callbackika/watch.js...E
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.drp.suL
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4095931400.00000000073C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Open
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1708680352.000000000BFD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0RobotoLightWebfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0RobotoThinWebfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1708680352.000000000BFD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Webfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avast.com0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://www.google-analytics.com/collect
Source: mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-58593486-1&cid=589230014.4837132694&t=even
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860913261.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888643545.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889202329.000000000D7F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866113292.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-68879973-2
Source: mshta.exe, 00000002.00000003.1928894844.000000000C0DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902979908.000000000F271000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927427442.000000000E886000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866809798.000000000D90A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D540000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902650902.000000000F261000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D78E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902740292.000000000F263000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1893429908.000000000D90F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887587139.000000000D90A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902896216.000000000F270000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1902786078.000000000F268000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928894844.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-68879973-23&cid=589230014.4837132694&t=eve
Source: mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-68879973-26&cid=589230014.4837132694&t=eve
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860913261.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888643545.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889202329.000000000D7F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866113292.000000000D809000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-69093127-16&cid=589230014.48371326
Source: mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&ds=hta&tid=UA-69093127-16&cid=589230014.4837132694&t=eve
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&tid=UA-68879973-6&aip=1
Source: mshta.exe, 00000002.00000003.1686295373.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.marksimonson.comM
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008DDB000.00000004.00000020.00020000.00000000.sdmp, proxima_nova_semibold-webfont.eot.0.dr	String found in binary or memory: http://www.marksimonson.comhttp://www.marksimonson.comhttp://www.ms-studio.com/FontSales/msslicensea
Source: mshta.exe, 00000002.00000003.1686295373.0000000008DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.marksimonson.comhttp://www.ms-studio.com/FontSales/msslicenseagreement.htmlWebfont
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: http://www.msftncsi.com/ncsi.txt
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com/eula/computers
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com/privacy
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opera.com/ru/computer/features
Source: powershell.exe, 00000007.00000002.4091887623.0000000004EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://allfont.ru/
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://allfont.ru/allfont.css?fonts=lucida-console
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://allfont.ru/l
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787776238.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxwindow.modelDatawindow.modelData.typewindow.modelData
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ar/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/az/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/be/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, bg.js.0.dr	String found in binary or memory: https://driverpack.io/bg/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/bn/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ca/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/cs/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, de.js.0.dr	String found in binary or memory: https://driverpack.io/de/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/el/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/es-419/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/es/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, et.js.0.dr	String found in binary or memory: https://driverpack.io/et/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/fa/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/fr/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/gu/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/hi/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/hu/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/hy/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/id/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/it/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ka/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ko/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ku/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/nl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/no/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/om/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/pl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/pt-pt/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ro/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/sk/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/sr/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/sw/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ta/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/te/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/tg/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/th/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/tl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/uk/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/ur/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/uz/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, vi.js.0.dr	String found in binary or memory: https://driverpack.io/vi/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/yo/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://driverpack.io/zh-cn/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: https://drp.su/
Source: install_numarkidjliveii.exe	String found in binary or memory: https://drp.su/0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr	String found in binary or memory: https://drp.su/en/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/pt-br/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/ru/catalog
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/ru/cloud
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/ru/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/sl/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/sq/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drp.su/tr/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, zh.js.0.dr	String found in binary or memory: https://drp.su/zh/info/translators
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1747365851.000000000DF61000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782506271.000000000E3D0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1769352059.000000000DF61000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1787776238.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782611297.000000000DEC0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782567835.000000000E380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getyabrowser.com
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://getyabrowser.comDescription.en
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.4095931400.00000000073C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000007.00000002.4091887623.0000000005046000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iframe-tasks.yandex
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iframe-toloka.com
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686824877.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E3E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1685787481.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.co
Source: mshta.exe, 00000002.00000003.1887394083.000000000D542000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com
Source: mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889202329.000000000D7F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888705088.000000000D7F2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/$
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/.sValueName(
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/AppData/Local/Temp/DriverPack-2024041790000/DriverPackSolution.html&3
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/ata
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/b
Source: mshta.exe, 00000002.00000003.1887238401.000000000E87F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1998636339.000000000F3F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal
Source: mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855324168.000000000C01A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal
Source: mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1998636339.000000000F3F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/e.drp.su/api/events21~~local~~/
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/erPack-2024041790000/DriverPackSolution.html
Source: mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/l
Source: mshta.exe, 00000002.00000003.1887625182.000000000E81F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930641132.000000000E823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gif
Source: mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866156139.000000000D8DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866544005.000000000D8F1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gif/DriverPack-2024041790000/css/icons-checkbox.css
Source: mshta.exe, 00000002.00000003.1866625586.000000000E81F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848369159.000000000E82E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1861118515.000000000E82E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1892575034.000000000E82C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887625182.000000000E81F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gifB
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gifor
Source: mshta.exe, 00000002.00000003.1866625586.000000000E81F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848369159.000000000E82E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1861118515.000000000E82E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/metrika/advert.gifr
Source: mshta.exe, 00000002.00000003.1884764232.000000000D670000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889836044.000000000D670000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886782054.000000000D670000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cooki
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_check
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_checkX2
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_checkerPack-2024041790000/css/fonts/Open-Sans/opensans-regul
Source: mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_checkk2
Source: mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/sync_cookie_image_decide?token=10342.tdBwSBrsNdvzPCrH6BGIj42E8vl3u_E2ne27H2mhs
Source: mshta.exe, 00000002.00000003.1987754412.000000000DF09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482/1?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLoc
Source: mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppDa
Source: mshta.exe, 00000002.00000003.1987754412.000000000DF09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482?page-url=http%3A%2F%2Fonline.drp.su%2Fdriverpack_online%2Fappli
Source: mshta.exe, 00000002.00000003.1886782054.000000000D670000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData
Source: mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/33423178/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppDa
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888993126.000000000C0CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928894844.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890258342.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/33423178?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData
Source: mshta.exe, 00000002.00000003.1887162106.000000000D6F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891524730.000000000D692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/46420341/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppDa
Source: mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/46420341?wmode=7&page-url=fi
Source: mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888993126.000000000C0CA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887587139.000000000D90A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865950348.000000000D78E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BFBD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890258342.000000000C0CB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1890670016.000000000E79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.com/watch/46420341?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mc.yandex.md/cc
Source: powershell.exe, 00000007.00000002.4094533639.0000000005F59000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/GTA5/?utm_source=driverpack&utm_medium=referral&utm_campaign=Games
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/Hitman_demo/?utm_source=driverpack&utm_medium=referral&utm_term=Hitman&u
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/Resident_evil_7_Demo/?utm_source=driverpack&utm_medium=referral&utm_term
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/mafia3_demo/?utm_source=driverpack&utm_medium=referral&utm_term=mafia3&u
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/overwatch/?utm_source=driverpack&utm_medium=referral&utm_campaign=Games
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/game/sid_meiers_civilization_vi_demo/?utm_source=driverpack&utm_medium=referr
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/games/?utm_source=driverpack&utm_medium=referral&utm_campaign=Games
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/intro_doom/?utm_source=driverpack&utm_medium=referral&utm_term=doom&utm_conte
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/intro_witcher3/?utm_source=driverpack&utm_medium=referral&utm_term=witcher3&u
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://playkey.net/ru/reg/?utm_source=driverpack&utm_medium=referral&utm_term=reg&utm_campaign=driv
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s3.mds.yandex.net/internal-metrika-betas
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sdi-tool.org/yandex_games.ico
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sdi-tool.org/yandex_pogoda.ico
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D5D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/games
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/gameslnk1.WindowStylelnk1.IconLocation
Source: mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1763142428.000000000D690000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761124279.000000000D68A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1763230331.000000000D693000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/meteum
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://short.driverpack.io/meteumlnk2.WindowStylelnk2.IconLocation
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: https://vk.com/driverpacksolution
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/driverpacksolution?w=wall-29220845_58256
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/driverpacksolution?w=wall-29220845_61453
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/driverpacksolution?w=wall-29220845_63691
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742910
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742915
Source: mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/topic-29220845_347429158#N
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742952
Source: mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/topic-29220845_34742952p
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742960
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742983
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34742999
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34743004
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34743007
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp, install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr, vi.js.0.dr, et.js.0.dr, zh.js.0.dr, bg.js.0.dr, ps.js.0.dr, de.js.0.dr	String found in binary or memory: https://vk.com/topic-29220845_34743011
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/license/360-total-security/
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/privacy/
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/privacy/Description.en
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/free-antivirus-download
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.ru/free-antivirus-download
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.ru/privacy-policy
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.fontsquirrel.com)
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	String found in binary or memory: https://www.google-analytics.com/collect
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/about/legal/eula/
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/Description.endWU
Source: mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/computer
Source: mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/computerDescription.en
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com/an/sync_cookie
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com/legal/browser_agreement/
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yandex.com/legal/privacy/
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/gdpr/v3/gdpr
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/metrika
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/metrika/2.1540128042.1/form-selector/button_ru.js
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net/s3/taxi-front/yango-gdpr-popup/
Source: mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ymetrica1.com/watch/3/1

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 172.67.209.192:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.88.21.119:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.250.250.119:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Code function: 0_2_004070F7 GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetDlgItemTextA,ShowWindow,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004070F7

System Summary

Creates HTA files

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\run.hta	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\modules\bugreport.hta	Jump to behavior

Writes or reads registry keys via WMI

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetDWORDValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Code function: 0_2_0040435D EntryPoint,SetErrorMode,GetVersion,InitCommonControls,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,DeleteFileA,DeleteFileA,GetWindowsDirectoryA,DeleteFileA,DeleteFileA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,DeleteFileA,DeleteFileA,OleUninitialize,GetCurrentProcess,ExitWindowsEx,ExitProcess,

0_2_0040435D

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00421A12	0_2_00421A12
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00421CD7	0_2_00421CD7
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00424CE6	0_2_00424CE6
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004208F0	0_2_004208F0
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00424D63	0_2_00424D63
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0042096D	0_2_0042096D
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00423F0E	0_2_00423F0E
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0041CD3A	0_2_0041CD3A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004217EE	0_2_004217EE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 7_2_0480947F	7_2_0480947F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 7_2_04808507	7_2_04808507

Source: install_numarkidjliveii.exe

Static PE information: invalid certificate

Source: install_numarkidjliveii.exe	Binary or memory string: OriginalFilename vs install_numarkidjliveii.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1683416761.0000000000412000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedownloader.exeB vs install_numarkidjliveii.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemicrostub.exeL vs install_numarkidjliveii.exe
Source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedownloader.exeB vs install_numarkidjliveii.exe

Source: C:\Windows\SysWOW64\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Jump to behavior

Source: install_numarkidjliveii.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Process created: C:\Windows\SysWOW64\reg.exe C:\Windows\system32\reg.exe import "C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\patch.reg"

Source: classification engine

Classification label: mal100.phis.spyw.expl.evad.winEXE@29/417@5/5

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Code function: 0_2_00405C30 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,GetDiskFreeSpaceA,MulDiv,

0_2_00405C30

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Code function: 0_2_0040296E CoCreateInstance,MultiByteToWideChar,

0_2_0040296E

Source: C:\Windows\SysWOW64\mshta.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\allfont[1].css

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7184:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7096:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7160:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7312:120:WilError_03

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

File created: C:\Users\user\AppData\Local\Temp\nsd21ED.tmp

Jump to behavior

Source: install_numarkidjliveii.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" hardware"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" drivers"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" newsoft"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Name = "wscript.exe" AND CommandLine LIKE "%\"C:\\Users\\user\\AppData\\Local\\Temp\\DriverPack-2024041790000\\prepare.js\" localdiagnostics"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process WHERE Handle = "7916"

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep

Source: install_numarkidjliveii.exe	ReversingLabs: Detection: 32%
Source: install_numarkidjliveii.exe	Virustotal: Detection: 43%

Source: install_numarkidjliveii.exe

String found in binary or memory: 3http://crl.usertrust.com/AddTrustExternalCARoot.crl05

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

File read: C:\Users\user\Desktop\install_numarkidjliveii.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\install_numarkidjliveii.exe "C:\Users\user\Desktop\install_numarkidjliveii.exe"
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\reg.exe C:\Windows\system32\reg.exe import "C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\patch.reg"
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\mshta.exe C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta
Source: C:\Windows\SysWOW64\reg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4350.tmp" "c:\Users\user\AppData\Local\Temp\na2e5gjd\CSC2CD567E8E04445B29892BAFC155E45E.TMP"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\reg.exe C:\Windows\system32\reg.exe import "C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\Tools\patch.reg"	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process created: C:\Windows\SysWOW64\mshta.exe C:\Windows\system32\mshta.exe C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\run.hta	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log"	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4350.tmp" "c:\Users\user\AppData\Local\Temp\na2e5gjd\CSC2CD567E8E04445B29892BAFC155E45E.TMP"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe"

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxtrans.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ddrawex.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ddraw.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxtmsft.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: t2embed.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: imgutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: esscli.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: esscli.dll

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: install_numarkidjliveii.exe

Static file information: File size 4887336 > 1048576

Source:	Binary string: $^q7C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.pdb source: powershell.exe, 00000007.00000002.4091887623.0000000005472000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb source: install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Obfuscated command line found

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"

Source: AvastAntivirusA.exe.0.dr	Static PE information: section name: .didat
Source: AvastAntivirusWorldwideA.exe.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00401860 push eax; mov dword ptr [esp], ebx	0_2_0040191A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040183B push edi; mov dword ptr [esp], eax	0_2_0040184E
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push eax; mov dword ptr [esp], ebx	0_2_0040628F
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push ebx; mov dword ptr [esp], 00434400h	0_2_004062AA
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push eax; mov dword ptr [esp], 0040B3B0h	0_2_00406432
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004060E9 push esi; mov dword ptr [esp], 00000001h	0_2_004064F1
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00401AEC push edx; mov dword ptr [esp], eax	0_2_00401B39
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00401AEC push edi; mov dword ptr [esp], 00412840h	0_2_00401B50
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push esi; mov dword ptr [esp], 00000004h	0_2_004071A6
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push ecx; mov dword ptr [esp], 00000015h	0_2_004071D7
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push eax; mov dword ptr [esp], ebx	0_2_0040742D
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004070F7 push eax; mov dword ptr [esp], 00000001h	0_2_0040749A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004042A4 push eax; mov dword ptr [esp], 00435400h	0_2_004042B7
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004042A4 push eax; mov dword ptr [esp], 00435400h	0_2_004042D9
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408147 push ebx; mov dword ptr [esp], 0042AF40h	0_2_00408164
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408147 push eax; mov dword ptr [esp], 0042AF40h	0_2_004081DC
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 0040B301h	0_2_0040439E
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push ebx; mov dword ptr [esp], 0040B309h	0_2_004043AB
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push esi; mov dword ptr [esp], 0040B311h	0_2_004043B8
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push edi; mov dword ptr [esp], 0000000Dh	0_2_004043C5
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 0000000Bh	0_2_004043D2
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push esi; mov dword ptr [esp], 00000000h	0_2_0040445D
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push edx; mov dword ptr [esp], eax	0_2_0040449A
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], ebx	0_2_0040457C
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 00435400h	0_2_004046D2
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push ecx; mov dword ptr [esp], 00427D20h	0_2_00404747
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push eax; mov dword ptr [esp], 00427D20h	0_2_004047AC
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040435D push ebx; mov dword ptr [esp], 00000002h	0_2_00404824
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004049C6 push eax; mov dword ptr [esp], ebx	0_2_004049F4
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00404FD9 push eax; mov dword ptr [esp], 00000405h	0_2_00405501
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_004025F9 push ecx; mov dword ptr [esp], ebx	0_2_0040261A

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser_tr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_elements.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	File created: C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusWorldwideA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	File created: C:\Users\user\AppData\Local\Temp\nst22E9.tmp\System.dll	Jump to dropped file

Source: C:\Windows\SysWOW64\mshta.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Microsoft-Windows-Diagnostics-Performance/Operational

Jump to behavior

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries pointing device information (via WMI, Win32_PointingDevice, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PointingDevice

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity

Queries sensitive battery information (via WMI, Win32_Battery, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PortableBattery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Battery

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter

Queries sensitive printer information (via WMI, Win32_Printer, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Printer

Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT State, Name FROM Win32_Service WHERE Name="wscsvc"
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT State, Name FROM Win32_Service WHERE Name="wscsvc"

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk

Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_SoundDevice

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 655464

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5350
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4414

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser_tr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_elements.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusWorldwideA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst22E9.tmp\System.dll	Jump to dropped file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7004	Thread sleep count: 5350 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7244	Thread sleep time: -17524406870024063s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6836	Thread sleep count: 4414 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7920	Thread sleep time: -655464s >= -30000s

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Baseboard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystemProduct

Source: C:\Windows\SysWOW64\mshta.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_0040810F FindFirstFileA,FindClose,	0_2_0040810F
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00408592 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00408592
Source: C:\Users\user\Desktop\install_numarkidjliveii.exe	Code function: 0_2_00403411 FindFirstFileA,	0_2_00403411

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\rundll32.exe	Thread delayed: delay time: 655464

Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior

Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverCD-ROM DriveCDROMSCSI\CdRomNECVMWarVMware_SATA_CD001.00SCSI\CdRomSCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000{4d36e965-e325-11ce-bfc1-08002be10318}Bus Number 0, Target Id 0, LUN 0\Device\00000025(Standard CD-ROM drives)NECVMWar VMware SATA CD00cdrom.infMicrosoft20060621000000.****+*CD-ROM Drive10.0.19041.1266Microsoft Windows
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "name": "VMware VMCI Bus Device",
Source: mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <script type="text/javascript">window.data.push({"type":"log","data":{"lvl":"debug","tags":["quickstart","wmi"],"namespace":"systemScanner:wmi:collected","message":"localdiagnostics data from WMI","params":{"task":"localdiagnostics","data":{"Computer":{"Summary":{"Computer":{"Manufacturer":"vmware","Model":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Computer Type":"x64-based PC","Operating System":"Microsoft Windows 10 Pro","Internet Explorer":"11.789.19041.0","Computer Name":"user-PC","User Name":"user-PC\\user","Logon Domain":"9T45V","Date / Time":"Wed Oct 04 2023 13:02:16 GMT+0200 (W. Europe Summer Time)"},"Temperature":{},"Motherboard":{"CPU Type":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, 2000 MHz, 4-core","Motherboard Name":"Base Board","System Memory":"4096 MB","BIOS Type":"EO1CO (2022.11.21)"},"Display":{"Video Adapter":["UT3DDWT9P (1024 MB)"],"Monitor":["Default Monitor Default Monitor"]},"Multimedia":{"Audio Adapter":[]},"Storage":{"IDE Controller":[null,"Intel(R) 82371AB/EB PCI Bus Master IDE Controller","ATA Channel 0","ATA Channel 1"],"Disk Drive":["TY2WBMYM SCSI Disk Device (SMART OK)"],"Optical Drive":[]},"Partitions":{"Partition":["C: (NTFS) 208.15 GB (18.59 GB free)"]},"Input":{"Keyboard":["Standard PS/2 Keyboard"],"Mouse":["USB Input Device","PS/2 Compatible Mouse","USB Input Device"]},"Network":{"Network Adapter":["Microsoft Kernel Debug Network Adapter","Intel(R) 82574L Gigabit Network Connection (MAC EC:F4:BB:EA:15:88)","WAN Miniport (SSTP)","WAN Miniport (IKEv2)","WAN Miniport (L2TP)","WAN Miniport (PPTP)","WAN Miniport (PPPOE)","WAN Miniport (IP) (MAC 5A:8C:20:52:41:53)","WAN Miniport (IPv6) (MAC 60:B7:20:52:41:53)","WAN Miniport (Network Monitor) (MAC 6A:3D:20:52:41:53)"]},"Peripherals":{"Printer":["OneNote","OneNote (Desktop)","Microsoft XPS Document Writer","Microsoft Print to PDF","Fax"],"USB Controller":[null],"Battery":[]},"DMI":{"DMI BIOS Vendor":"L56PU","DMI BIOS Version":"EO1CO","DMI System Manufacturer":"VMware, Inc.","DMI System Product":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","DMI System Version":"None","DMI System Serial Number":"YYP1F3","DMI System UUID":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","DMI Motherboard Manufacturer":"ER92CEX396","DMI Motherboard Product":"NBFTB4BSLY","DMI Motherboard Version":"None","DMI Motherboard Serial Number":"0434673422260797","DMI Chassis Manufacturer":"No Enclosure","DMI Chassis Version":"N/A","DMI Chassis Serial Number":"None","DMI Chassis Asset Tag":"No Asset Tag","DMI Chassis Type":"Other"}},"Power Management":{"Power Management Properties":{},"Battery Properties":{}}},"Operating System":{"Operating System":{"Operating System Properties":{"OS Name":"Microsoft Windows 10 Pro","OS Language":"en-GB","OS Kernel Type":"Multiprocessor Free (64-bit)","OS Version":"10.0.19045","OS Installation Date":"Tue Oct 03 2023 09:57:18 GMT+0200 (W. Europe Summer Time)","OS Root":"C:\\Windows"},"License Information":{"Registered Owner":"hardz","Product ID":"00330-71388-77104-AAOEM"},"Cur
Source: mshta.exe, 00000002.00000003.1848686020.000000000C026000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UH_UP&DEV_1975&SUBSYS_15AD1975&REV_1001"]},{"deviceId":"ACPI\\VMW0001\\7","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ACPI\\VMW0001"]},{"deviceId":"ACPI\\PNP0200\\4&1BD7F811&0","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ACPI\\PNP0200"]},{"deviceId":"SWD\\MSRRAS\\MS_PPPOEMINIPORT","status":"OK","statusCode":0,"classGuid":"{4d36e972-e325-11ce-bfc1-08002be10318}","hardwareId":["SWD\\MSRRAS"]},{"deviceId":"PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00\\3&218E0F40&0&18","status":"OK","statusCode":0,"classGuid":"{4d36e96a-e325-11ce-bfc1-08002be10318}","hardwareId":["PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00"]},{"deviceId":"ROOT\\VDRVROOT\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VDRVROOT"]},{"deviceId":"ACPI\\ACPI0003\\1","status":"OK","statusCode":0,"classGuid":"{72631e54-78a4-11d0-bcf7-00aa00b7b32a}","hardwareId":["ACPI\\ACPI0003"]},{"deviceId":"SWD\\PRINTENUM\\{403E365F-43ED-4C49-9062-C8F014B3A645}","status":"OK","statusCode":0,"classGuid":"{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}","hardwareId":["SWD\\PRINTENUM"]},{"deviceId":"HID\\VID_0E0F&PID_0003&MI_00\\7&10DF666E&0&0000","status":"OK","statusCode":0,"classGuid":"{4d36e96f-e325-11ce-bfc1-08002be10318}","hardwareId":["HID\\VID_0E0F&PID_0003&MI_00","HID\\VID_0E0F&PID_0003&MI_00&MI_00"]},{"deviceId":"ROOT\\VOLMGR\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VOLMGR"]}],"model":{"type":"Other","vendor":"VMware","name":"user-PC","info":{"computerSystem":{"Manufacturer":"dhRa25mUHcgXWd2","Model":"hN3D7p9L","Caption":"user-PC"},"computerSystemProduct":{"Vendor":"VMware, Inc.","Name":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Version":"None"},"baseBoard":{"Product":"NBFTB4BSLY","Version":"None","Manufacturer":"ER92CEX396"}}},"windows":{"ver":"10.0","arch":"64","build":19045},"limit":5,"useRank":{"filter":false,"sort":true},"markers
Source: mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "DMI System Manufacturer": "VMware, Inc.",
Source: mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "Vendor": "VMware, Inc.",
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "deviceId": "SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\4&1656F219&0&000000",
Source: mshta.exe, 00000002.00000003.1861042912.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891919005.0000000008E5D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverVMware VMCI Bus DeviceSYSTEMPCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10PCI\VEN_15AD&DEV_0740&REV_10PCI\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\3&61AAA01&0&3F{4d36e97d-e325-11ce-bfc1-08002be10318}PCI bus 0, device 7, function 7\Device\NTPNP_PCI0010VMware, Inc.oem2.infVMware, Inc.20211029000000.****+*VMware VMCI Bus Device9.8.18.0Microsoft Windows Hardware Compatibility Publisher[
Source: mshta.exe, 00000002.00000003.1786033931.000000000D751000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverMicrosoft Hyper-V Virtualization Infrastructure DriverSYSTEMROOT\VIDROOT\VID\0000{4d36e97d-e325-11ce-bfc1-08002be10318}\Device\00000003Microsoftwvid.infMicrosoft20060621000000.****+*Microsoft Hyper-V Virtualization Infrastructure Driver10.0.19041.1466Microsoft Windows
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: mshta.exe, 00000002.00000003.1786062031.000000000D713000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPEntityMicrosoft Hyper-V Generation Counter{4d36e97d-e325-11ce-bfc1-08002be10318}System.String[]Win32_PnPEntityMicrosoft Hyper-V Generation CounterACPI\VMW0001\7System.String[]MicrosoftMicrosoft Hyper-V Generation CounterSystemACPI\VMW0001\7gencounterOKWin32_ComputerSystemuser-PC1-
Source: mshta.exe, 00000002.00000003.1932353923.000000000E7DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "17.10.7 Online","action":"drivers statistics collected","lvl":"info","tags":[],"namespace":"driversStatistics:collected","params":{"driversStatistics":{"model":{"type":"Other","vendor":"VMware"},"windows":{"ver":"10.0","arch":"64","build":19045,"installDate":"20220616"},"devices":[{"device":{"deviceId":"SWD\\MSRRAS\\MS_NDISWANBH","hardwareId":["SWD\\MSRRAS"],"status":"OK","statusCode":0},"currentDriver":{"deviceId":"SWD\\MSRRAS
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRomNECVMWarVMware_SATA_CD001.00
Source: mshta.exe, 00000002.00000003.1901186540.000000000F1EB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\4&1656F219&0&000000"w
Source: mshta.exe, 00000002.00000003.1847142567.000000000D757000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Generation Counter",
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "deviceId": "SCSI\\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\\4&224F42EF&0&000000",
Source: mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "vendor": "VMware",
Source: mshta.exe, 00000002.00000003.1865796994.000000000F670000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "vendor": "VMware"
Source: mshta.exe, 00000002.00000003.1924070113.000000000D70E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 4D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1782884403.000000000D8C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.NonengCurren
Source: mshta.exe, 00000002.00000003.1786062031.000000000D713000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00
Source: mshta.exe, 00000002.00000003.1884482283.000000000E649000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "vendor": "VMware"
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782940699.000000000D8AD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786033931.000000000D751000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware VMCI Bus Device
Source: mshta.exe, 00000002.00000003.1928894844.000000000C0DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.None0.7%20OnliP
Source: mshta.exe, 00000002.00000003.1847142567.000000000D757000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Virtualization Infrastructure Driver",
Source: mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll18
Source: mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782940699.000000000D8AD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPEntityMicrosoft Hyper-V Virtualization Infrastructure Driver{4d36e97d-e325-11ce-bfc1-08002be10318}Win32_PnPEntityMicrosoft Hyper-V Virtualization Infrastructure DriverROOT\VID\0000System.String[]MicrosoftMicrosoft Hyper-V Virtualization Infrastructure DriverSystemROOT\VID\0000VidOKWin32_ComputerSystemuser-PC
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_PnPSignedDriverDisk driveDISKDRIVESCSI\DiskVMware__Virtual_disk____2.0_SCSI\DiskSCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000{4d36e967-e325-11ce-bfc1-08002be10318}Bus Number 0, Target Id 0, LUN 0\Device\00000023(Standard disk drives)VMware Virtual disk SCSI Disk Devicedisk.infMicrosoft20060621000000.****+*Disk drive10.0.19041.1865Microsoft WindowsR
Source: mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: mshta.exe, 00000002.00000003.1865796994.000000000F670000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865950348.000000000D757000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Generation Counter",
Source: mshta.exe, 00000002.00000003.1931128371.000000000D6A3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 48-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1884433449.000000000F510000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884482283.000000000E649000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Generation Counter",
Source: mshta.exe, 00000002.00000003.1930991508.000000000D8A7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <script type="application/json" class="data">{"type":"log","data":{"lvl":"debug","tags":["quickstart","wmi"],"namespace":"systemScanner:wmi:collected","message":"localdiagnostics data from WMI","params":{"task":"localdiagnostics","data":{"Computer":{"Summary":{"Computer":{"Manufacturer":"vmware","Model":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Computer Type":"x64-based PC","Operating System":"Microsoft Windows 10 Pro","Internet Explorer":"11.789.19041.0","Computer Name":"user-PC","User Name":"user-PC\\user","Logon Domain":"9T45V","Date / Time":"Wed Oct 04 2023 13:02:16 GMT+0200 (W. Europe Summer Time)"},"Temperature":{},"Motherboard":{"CPU Type":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, 2000 MHz, 4-core","Motherboard Name":"Base Board","System Memory":"4096 MB","BIOS Type":"EO1CO (2022.11.21)"},"Display":{"Video Adapter":["UT3DDWT9P (1024 MB)"],"Monitor":["Default Monitor Default Monitor"]},"Multimedia":{"Audio Adapter":[]},"Storage":{"IDE Controller":[null,"Intel(R) 82371AB/EB PCI Bus Master IDE Controller","ATA Channel 0","ATA Channel 1"],"Disk Drive":["TY2WBMYM SCSI Disk Device (SMART OK)"],"Optical Drive":[]},"Partitions":{"Partition":["C: (NTFS) 208.15 GB (18.59 GB free)"]},"Input":{"Keyboard":["Standard PS/2 Keyboard"],"Mouse":["USB Input Device","PS/2 Compatible Mouse","USB Input Device"]},"Network":{"Network Adapter":["Microsoft Kernel Debug Network Adapter","Intel(R) 82574L Gigabit Network Connection (MAC EC:F4:BB:EA:15:88)","WAN Miniport (SSTP)","WAN Miniport (IKEv2)","WAN Miniport (L2TP)","WAN Miniport (PPTP)","WAN Miniport (PPPOE)","WAN Miniport (IP) (MAC 5A:8C:20:52:41:53)","WAN Miniport (IPv6) (MAC 60:B7:20:52:41:53)","WAN Miniport (Network Monitor) (MAC 6A:3D:20:52:41:53)"]},"Peripherals":{"Printer":["OneNote","OneNote (Desktop)","Microsoft XPS Document Writer","Microsoft Print to PDF","Fax"],"USB Controller":[null],"Battery":[]},"DMI":{"DMI BIOS Vendor":"L56PU","DMI BIOS Version":"EO1CO","DMI System Manufacturer":"VMware, Inc.","DMI System Product":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","DMI System Version":"None","DMI System Serial Number":"YYP1F3","DMI System UUID":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","DMI Motherboard Manufacturer":"ER92CEX396","DMI Motherboard Product":"NBFTB4BSLY","DMI Motherboard Version":"None","DMI Motherboard Serial Number":"0434673422260797","DMI Chassis Manufacturer":"No Enclosure","DMI Chassis Version":"N/A","DMI Chassis Serial Number":"None","DMI Chassis Asset Tag":"No Asset Tag","DMI Chassis Type":"Other"}},"Power Management":{"Power Management Properties":{},"Battery Properties":{}}},"Operating System":{"Operating System":{"Operating System Properties":{"OS Name":"Microsoft Windows 10 Pro","OS Language":"en-GB","OS Kernel Type":"Multiprocessor Free (64-bit)","OS Version":"10.0.19045","OS Installation Date":"Tue Oct 03 2023 09:57:18 GMT+0200 (W. Europe Summer Time)","OS Root":"C:\\Windows"},"License Information":{"Registered Owner":"hardz","Product ID":"00330-71388-77104-AAOEM"},"Curren
Source: mshta.exe, 00000002.00000003.1884433449.000000000F510000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884482283.000000000E649000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Virtualization Infrastructure Driver",
Source: mshta.exe, 00000002.00000003.1865870358.000000000F630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "manufacturer": "VMware, Inc.",
Source: drp.js.0.dr	Binary or memory string: if ([ /virtualbox/i, /vmware/i ].some(function(reg) {
Source: mshta.exe, 00000002.00000003.1886982602.000000000D897000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MI_00","HID\\VID_0E0F&PID_0003&MI_00&MI_00"]},{"deviceId":"ROOT\\VOLMGR\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VOLMGR"]}],"model":{"type":"Other","vendor":"VMware","name":"user-PC","info":{"computerSystem":{"Manufacturer":"dhRa25mUHcgXWd2","Model":"hN3D7p9L","Caption":"user-PC"},"computerSystemProduct":{"Vendor":"VMware, Inc.
Source: mshta.exe, 00000002.00000003.1782884403.000000000D8C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1865796994.000000000F670000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1865950348.000000000D757000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "name": "Microsoft Hyper-V Virtualization Infrastructure Driver",
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DiskVMware__Virtual_disk____2.0_
Source: mshta.exe, 00000002.00000003.1929376293.000000000E641000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0VMware, Inc.Noney*
Source: mshta.exe, 00000002.00000003.1867117417.000000000D69F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tus":"OK","statusCode":0,"classGuid":"{4d36e972-e325-11ce-bfc1-08002be10318}","hardwareId":["SWD\\MSRRAS"]},{"deviceId":"PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00\\3&218E0F40&0&18","status":"OK","statusCode":0,"classGuid":"{4d36e96a-e325-11ce-bfc1-08002be10318}","hardwareId":["PCI\\OGOUEFYV&DEV_07E0&SUBSYS_07E015AD&REV_00"]},{"deviceId":"ROOT\\VDRVROOT\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VDRVROOT"]},{"deviceId":"ACPI\\ACPI0003\\1","status":"OK","statusCode":0,"classGuid":"{72631e54-78a4-11d0-bcf7-00aa00b7b32a}","hardwareId":["ACPI\\ACPI0003"]},{"deviceId":"SWD\\PRINTENUM\\{403E365F-43ED-4C49-9062-C8F014B3A645}","status":"OK","statusCode":0,"classGuid":"{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}","hardwareId":["SWD\\PRINTENUM"]},{"deviceId":"HID\\VID_0E0F&PID_0003&MI_00\\7&10DF666E&0&0000","status":"OK","statusCode":0,"classGuid":"{4d36e96f-e325-11ce-bfc1-08002be10318}","hardwareId":["HID\\VID_0E0F&PID_0003&MI_00","HID\\VID_0E0F&PID_0003&MI_00&MI_00"]},{"deviceId":"ROOT\\VOLMGR\\0000","status":"OK","statusCode":0,"classGuid":"{4d36e97d-e325-11ce-bfc1-08002be10318}","hardwareId":["ROOT\\VOLMGR"]}],"model":{"type":"Other","vendor":"VMware","name":"user-PC","info":{"computerSystem":{"Manufacturer":"dhRa25mUHcgXWd2","Model":"hN3D7p9L","Caption":"user-PC"},"computerSystemProduct":{"Vendor":"VMware, Inc.","Name":"{E4A9536D-D9A7-4701-8604-9B7C160BF618}","Version":"None"},"baseBoard":{"Product":"NBFTB4BSLY","Version":"None","Manufacturer":"ER92CEX396"}}},"windows":{"ver":"10.0","arch":"64","build":19045}
Source: mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.None^
Source: mshta.exe, 00000002.00000003.1901453716.000000000F1F3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\4&1656F219&0&000000"
Source: mshta.exe, 00000002.00000003.1786001624.000000000D74D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: mshta.exe, 00000002.00000003.1924346544.000000000D66E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System ProductYYP1F371434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.None81228s

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Source: C:\Windows\SysWOW64\mshta.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: install_numarkidjliveii.exe PID: 6836, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\drp.js, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\nsn222C.tmp, type: DROPPED

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait | Invoke-Expression"

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression" > "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.stderr.log"	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe" \|\| echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_59771.txt""	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32 kernel32,Sleep	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -NonInteractive -NoLogo -NoProfile -ExecutionPolicy Bypass "Get-Content 'C:\Users\user\AppData\Roaming\DRPSu\temp\ps.lv3gqien.fxnz0.cmd.txt' -Wait \| Invoke-Expression"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\na2e5gjd\na2e5gjd.cmdline"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4350.tmp" "c:\Users\user\AppData\Local\Temp\na2e5gjd\CSC2CD567E8E04445B29892BAFC155E45E.TMP"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\tools\aria2c.exe"

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c powershell -noninteractive -nologo -noprofile -executionpolicy bypass "get-content 'c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.cmd.txt' -wait \| invoke-expression" > "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stderr.log"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c "netsh advfirewall firewall add rule name="driverpack aria2c.exe" dir=in action=allow program="c:\users\user\appdata\local\temp\driverpack-2024041790000\tools\aria2c.exe" \|\| echo done & call echo done %^errorlevel% > "c:\users\user\appdata\roaming\drpsu\temp\run_command_59771.txt""
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c powershell -noninteractive -nologo -noprofile -executionpolicy bypass "get-content 'c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.cmd.txt' -wait \| invoke-expression" > "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stdout.log" 2> "c:\users\user\appdata\roaming\drpsu\temp\ps.lv3gqien.fxnz0.stderr.log"	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c "netsh advfirewall firewall add rule name="driverpack aria2c.exe" dir=in action=allow program="c:\users\user\appdata\local\temp\driverpack-2024041790000\tools\aria2c.exe" \|\| echo done & call echo done %^errorlevel% > "c:\users\user\appdata\roaming\drpsu\temp\run_command_59771.txt""	Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\install_numarkidjliveii.exe

0_2_0040435D

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Modifies Internet Explorer zone settings

Source: C:\Windows\SysWOW64\mshta.exe

Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 1406

Jump to behavior

Modifies Internet Explorer zonemap settings

Source: C:\Windows\SysWOW64\reg.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update http			Jump to behavior
Source: C:\Windows\SysWOW64\reg.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update https			Jump to behavior

Modifies the windows firewall

Source: C:\Windows\SysWOW64\mshta.exe

Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\user\AppData\Roaming\DRPSu\temp\run_command_96271.txt""

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"

Source: mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1762525323.000000000C0D1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\SysWOW64\mshta.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpywareProduct

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences			Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	941 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	41 Disable or Modify Tools	1 OS Credential Dumping	3 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	112 Command and Scripting Interpreter	1 Windows Service	1 Windows Service	1 Deobfuscate/Decode Files or Information	LSASS Memory	236 System Information Discovery	Remote Desktop Protocol	2 Browser Session Hijacking	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	11 Process Injection	1 Obfuscated Files or Information	Security Account Manager	1041 Security Software Discovery	SMB/Windows Admin Shares	1 Data from Local System	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 Process Discovery	Distributed Component Object Model	1 Email Collection	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	741 Virtualization/Sandbox Evasion	SSH	1 Clipboard Data	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Modify Registry	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	741 Virtualization/Sandbox Evasion	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Mshta	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Rundll32	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
install_numarkidjliveii.exe	32%	ReversingLabs	Win32.PUA.DriverPack
install_numarkidjliveii.exe	44%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusA.exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusA.exe	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusWorldwideA.exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusWorldwideA.exe	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser.exe	3%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser_tr.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_browser_tr.exe	3%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_elements.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\downloader_elements.exe	3%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\nst22E9.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nst22E9.tmp\System.dll	0%	Virustotal	Browse

Name	IP	Active	Malicious	Reputation
mc.yandex.ru	77.88.21.119	true	false	high
auth.drp.su	87.117.235.115	true	false	high
update.drp.su	37.9.8.75	true	false	high
allfont.ru	172.67.209.192	true	false	high
mc.yandex.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A943650839%3Ax%3A32153%3Ay%3A0%3At%3A1902%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337411&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A964748906%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A229434377%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A482164787%3Ax%3A32153%3Ay%3A0%3At%3A1788%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337400&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A55722148%3Ax%3A32153%3Ay%3A0%3At%3A409%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337262&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A587143957%3Ax%3A32153%3Ay%3A0%3At%3A2142%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337435&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A257828719%3Ax%3A32101%3Ay%3A0%3At%3A147%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337236&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A761297770%3Ax%3A32153%3Ay%3A0%3At%3A859%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337307&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-1-ui-1)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A278268286%3Ax%3A32153%3Ay%3A0%3At%3A1618%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337383&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A897563375%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A461435439%3Ax%3A32101%3Ay%3A0%3At%3A1846%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337406&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1002945535%3Ax%3A32101%3Ay%3A0%3At%3A918%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337313&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A657646641%3Ax%3A32153%3Ay%3A0%3At%3A2084%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337429&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A986971658%3Ax%3A32101%3Ay%3A0%3At%3A464%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337267&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A107870281%3Ax%3A32153%3Ay%3A0%3At%3A180%3Ap%3AA2AA*%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337239&t=gdpr(14)ti(4)	false	high
https://mc.yandex.com/clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A531994509%3Ax%3A32101%3Ay%3A0%3At%3A293%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337250&t=gdpr(14)ti(4)	false	high
http://update.drp.su/api/cleaner	false	high
https://mc.yandex.com/clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A1066264284%3Ax%3A32101%3Ay%3A0%3At%3A748%3Ap%3AA2AA*%3AX%3A627%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337296&t=gdpr(14)ti(4)	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://mc.yandex.com/sync_cookie_image_checkX2	mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	false	high
http://update.drp.su/api/cleanertVersion	mshta.exe, 00000002.00000003.1884764232.000000000D888000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889044604.000000000D8F7000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886577924.000000000D8ED000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/ab/downloader_browser.exe	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	false	high
http://update.drp.su/api/selectz	mshta.exe, 00000002.00000003.1887537071.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E7E9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E7CC000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/tools/Asus7.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/tools/Dell10.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/driverpacks/repack/Sound_IDT/IDT/AllNTx64x86/ECS_6.10.6207.2/IDT-AllNTx64x86-	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/tools/Asus7.exe	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/7-Zip.png	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/ab/4/Internet-Start.exe	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	false	high
https://driverpack.io/pt-pt/info/translators	install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/soft/VisualCplus.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://goo.gl/KsIlge	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	false	high
https://playkey.net/ru/game/Resident_evil_7_Demo/?utm_source=driverpack&utm_medium=referral&utm_term	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/Opera64cis_woGoogle_win7.exe	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	false	high
https://driverpack.io/gu/info/translators	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/tools/MSIx64.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://update.drp.su/api/events14e6Temp/DriverPack-2024041790000/	mshta.exe, 00000002.00000003.1884764232.000000000D619000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/soft/WinRARx86Rus.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
https://mc.yandex.co	mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://vk.com/driverpacksolution	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	false	high
https://vk.com/topic-29220845_34742952p	mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp	false	high
http://allfont.ru/allfont.css?fonts=lucida-consolei	mshta.exe, 00000002.00000003.1686824877.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686295373.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1685787481.0000000008E3C000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/clean-icons/E38CFFEAD913423A620C3914CEF36C7C.png	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
https://playkey.net/ru/intro_witcher3/?utm_source=driverpack&utm_medium=referral&utm_term=witcher3&u	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
https://yastatic.net/s3/metrika	mshta.exe, 00000002.00000003.1887785838.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1886344979.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888291173.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888040496.000000000D7E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889321487.000000000D83E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930204534.000000000D822000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1927533528.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888607630.000000000D82F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928519638.000000000D805000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1860724402.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930845436.000000000D838000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1928964805.000000000D813000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848180571.000000000D845000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/soft/system/empty.cmd	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://update.drp.su/api/eventssoft	mshta.exe, 00000002.00000003.1929539862.000000000D8E2000.00000004.00000020.00020000.00000000.sdmp	false	high
http://update.drp.su/api/eventsXO	mshta.exe, 00000002.00000003.1887537071.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1884608135.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1866884721.000000000E80C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1891253717.000000000E80C000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/7-Zip.exe	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/clean-icons/44E73F3C92E551742A13ED5FE352DE77.png	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.drp.su/soft/Opera86cis_woGoogle.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://goo.gl/LhFpo0	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	false	high
http://download.driverpacks.net	drp.js.0.dr	false	high
http://dl.drp.su/soft/AIMP.png	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
https://playkey.net/ru/game/Hitman_demo/?utm_source=driverpack&utm_medium=referral&utm_term=Hitman&u	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/SearcherBar.png	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/soft/system/windows8.1-kb4012213-x86.msu	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/uTorrent.exe	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drp.su/en/info/translators	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1925941669.000000000BF7E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1707268648.000000000B4C8000.00000004.00000020.00020000.00000000.sdmp, en.js.0.dr	false	high
http://download.drp.su/17-online/DriverPack-17-Online.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/clean-icons/2601EE98B41E8800E63FAF547D46059E.png	mshta.exe, 00000002.00000003.1924070113.000000000D72A000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/soft/OperaBlink64.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
https://driverpack.io/ro/info/translators	install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/DirectX.png	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drp.su/ru/info/translators	install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.avast.ru/free-antivirus-download	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
https://driverpack.io/sw/info/translators	install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.drp.su/soft/AIMP.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
https://driverpack.io/hu/info/translators	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/SearcherBar.exe	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D5DA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887897979.000000000D5D4000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/PotPlayer.exe	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	false	high
http://fb.me/react-warning-keys	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	false	high
http://nsis.sf.net/NSIS_Error	install_numarkidjliveii.exe	false	high
http://dl.drp.su/soft/system/empty.cmd	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/PotPlayer.exeH	mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.drp.su/tools/Asus8.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
https://sdi-tool.org/yandex_games.ico	mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1889254517.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1783040967.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825945055.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786062031.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1747394113.000000000B551000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1887263359.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D60D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761279789.000000000D633000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1851785452.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1746567490.000000000D920000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1848686020.000000000C031000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1924346544.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1888409393.000000000D5D5000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.drp.su/tools/Dell81.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/soft/AIMP.exe	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
https://mc.yandex.com/metrika/advert.gifor	mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1855535462.000000000D634000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.drp.su/soft/Yandex.png	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/uTorrent.png	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	false	high
http://download.drp.su/soft/AIMP.png	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://allfont.ru/allfont.css?fonts=lucida-console&	mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp	false	high
http://download.drp.su/soft/VisualCplus.png	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://static.drp.su/update/logs/script.js	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, drp.js.0.dr	false	high
https://mc.yandex.com/ata	mshta.exe, 00000002.00000003.1851479660.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1853998980.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1850898845.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847793229.000000000D619000.00000004.00000020.00020000.00000000.sdmp	false	high
https://mc.yandex.com/watch/33423178/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppDa	mshta.exe, 00000002.00000003.1924346544.000000000D5F9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1930991508.000000000D83C000.00000004.00000020.00020000.00000000.sdmp	false	high
http://allfont.ru/allfont.css?fonts=lucida-console4	mshta.exe, 00000002.00000003.1686954511.0000000008DCD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1686426050.0000000008DC9000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/PotPlayer.png	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/DirectX.exe	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/Opera86cis_woGoogle.exe	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp	false	high
https://driverpack.io/ku/info/translators	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
https://driverpack.io/te/info/translators	install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://update.drp.su/api/logsE0.	mshta.exe, 00000002.00000003.1782758282.000000000D7EE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1821703159.000000000D865000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1786451967.000000000D897000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1827307424.000000000D891000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1822081284.000000000D88A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1847240334.000000000D875000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1782976194.000000000D888000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.opera.com/privacy	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1760476625.000000000D671000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp	false	high
https://driverpack.io/yo/info/translators	install_numarkidjliveii.exe, 00000000.00000002.1686376217.00000000039DA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.driverpack.io/soft/Opera.png	mshta.exe, 00000002.00000003.1759918515.000000000DF10000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1761438197.000000000D619000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000002.00000003.1825794140.000000000D607000.00000004.00000020.00020000.00000000.sdmp	false	high
http://dl.drp.su/soft/system/windows7-kb4012212-x64.msu	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high
http://auth.drp.su	install_numarkidjliveii.exe, 00000000.00000002.1686376217.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
87.117.235.115	auth.drp.su	United Kingdom	20860	IOMART-ASGB	false
77.88.21.119	mc.yandex.ru	Russian Federation	13238	YANDEXRU	false
172.67.209.192	allfont.ru	United States	13335	CLOUDFLARENETUS	false
87.250.250.119	unknown	Russian Federation	13238	YANDEXRU	false
37.9.8.75	update.drp.su	Russian Federation	49505	SELECTELRU	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427204
Start date and time:	2024-04-17 08:59:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	install_numarkidjliveii.exe
Detection:	MAL
Classification:	mal100.phis.spyw.expl.evad.winEXE@29/417@5/5
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 99% Number of executed functions: 54 Number of non-executed functions: 28
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240s for powershell

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.138.101, 74.125.138.113, 74.125.138.102, 74.125.138.139, 74.125.138.138, 74.125.138.100
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com, www.google-analytics.com
Execution Graph export aborted for target mshta.exe, PID 7084 because there are no executed function
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:00:08	API Interceptor	44x Sleep call for process: powershell.exe modified
09:00:25	API Interceptor	5x Sleep call for process: mshta.exe modified
09:00:29	API Interceptor	1x Sleep call for process: rundll32.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
87.117.235.115	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse	auth.drp.su/api/session
77.88.21.119	http://ovd.ru/forum/register.php?a=act&u=84666&i=25545989	Get hash	malicious	Unknown	Browse	mc.yandex.ru/metrika/watch.js
87.250.250.119	http://marvin-occentus.net	Get hash	malicious	Unknown	Browse
	https://www.tb-parts.ru/	Get hash	malicious	Unknown	Browse
	http://discovus.com	Get hash	malicious	Unknown	Browse
	https://cchcontent.com/?k=d779c440edb57bd974c500d65f843657&type=mainstream&subtype=global&data1=pc	Get hash	malicious	Unknown	Browse
	https://clck.ru/38QShT	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Program.Itva.6.25933.6217.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Program.Itva.6.25933.6217.exe	Get hash	malicious	Unknown	Browse
	https://marvin-occentus.net	Get hash	malicious	Unknown	Browse
	https://www.drvhub.net/devices/monitors/dell/e228wfp/download	Get hash	malicious	Unknown	Browse
	https://brandequity.economictimes.indiatimes.com/etl.php?url=//zerpcon.com/nxgtnrtn/imgsdoll#ZnJvdGlyb3RpQGFzc25hdC5xYy5jYQ==	Get hash	malicious	Unknown	Browse
37.9.8.75	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse	update.drp.su/v2/soft/?callback
	DriverPack-17-Online_365109709.1670493887__7q52rhqgwso3722.exe	Get hash	malicious	Unknown	Browse	update.drp.su/api/logs
	SecuriteInfo.com.Program.Unwanted.4747.12641.exe	Get hash	malicious	Unknown	Browse	update.drp.su/v2/alternative/webdeploy16.js
	DriverPack-17-Online_174007544.1629221836__itapkqvv6k3n1w8.exe	Get hash	malicious	Unknown	Browse	update.drp.su/api/logs
	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse	update.drp.su/api/logs

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
auth.drp.su	PROD_Start_DriverPack.hta	Get hash	malicious	Cobalt Strike	Browse	87.117.235.115
	https://driverpack.io/en/devices/printer/canon/canon-generic-plus-ps3	Get hash	malicious	Unknown	Browse	87.117.235.115
	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse	87.117.235.115
	DriverPack-17-Online_365109709.1670493887__7q52rhqgwso3722.exe	Get hash	malicious	Unknown	Browse	178.162.204.5
	DriverPack-17-Online_365109709.1670493887__7q52rhqgwso3722.exe	Get hash	malicious	Unknown	Browse	178.162.204.5
	SV96z7YVxE.exe	Get hash	malicious	Unknown	Browse	178.162.204.5
	SecuriteInfo.com.Program.Unwanted.4747.12641.exe	Get hash	malicious	Unknown	Browse	178.162.204.5
	88f3p(1).exe	Get hash	malicious	Unknown	Browse	178.162.204.5
	Driverpackonline.exe	Get hash	malicious	Unknown	Browse	178.162.204.5
	f_004d39.exe	Get hash	malicious	Unknown	Browse	178.162.204.5
mc.yandex.ru	http://marvin-occentus.net	Get hash	malicious	Unknown	Browse	87.250.251.119
	https://www.tb-parts.ru/	Get hash	malicious	Unknown	Browse	87.250.250.119
	https://goo.su/mwrmX	Get hash	malicious	Unknown	Browse	77.88.21.119
	http://discovus.com	Get hash	malicious	Unknown	Browse	87.250.251.119
	https://steamfiller.ru/	Get hash	malicious	Unknown	Browse	93.158.134.119
	https://cchcontent.com/?k=d779c440edb57bd974c500d65f843657&type=mainstream&subtype=global&data1=pc	Get hash	malicious	Unknown	Browse	77.88.21.119
	https://clck.ru/38QShT	Get hash	malicious	Unknown	Browse	87.250.251.119
	https://clck.ru/38QShT	Get hash	malicious	Unknown	Browse	87.250.251.119
	https://12jav.net/index.html	Get hash	malicious	Unknown	Browse	77.88.21.119
	https://marvin-occentus.net	Get hash	malicious	Unknown	Browse	93.158.134.119
allfont.ru	PROD_Start_DriverPack.hta	Get hash	malicious	Cobalt Strike	Browse	104.21.16.11
	https://driverpack.io/en/devices/printer/canon/canon-generic-plus-ps3	Get hash	malicious	Unknown	Browse	188.114.96.3
	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	DriverPack-17-Online_365109709.1670493887__7q52rhqgwso3722.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	DriverPack-17-Online_365109709.1670493887__7q52rhqgwso3722.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	SV96z7YVxE.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	SecuriteInfo.com.Program.Unwanted.4747.12641.exe	Get hash	malicious	Unknown	Browse	188.114.97.7
	88f3p(1).exe	Get hash	malicious	Unknown	Browse	188.114.96.7
	Driverpackonline.exe	Get hash	malicious	Unknown	Browse	188.114.96.7
	f_004d39.exe	Get hash	malicious	Unknown	Browse	104.21.16.11
update.drp.su	PROD_Start_DriverPack.hta	Get hash	malicious	Cobalt Strike	Browse	37.9.8.75
	https://driverpack.io/en/devices/printer/canon/canon-generic-plus-ps3	Get hash	malicious	Unknown	Browse	37.9.8.75
	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse	82.145.55.146
	DriverPack-17-Online_365109709.1670493887__7q52rhqgwso3722.exe	Get hash	malicious	Unknown	Browse	37.9.8.75
	DriverPack-17-Online_365109709.1670493887__7q52rhqgwso3722.exe	Get hash	malicious	Unknown	Browse	178.162.207.42
	SV96z7YVxE.exe	Get hash	malicious	Unknown	Browse	178.162.207.42
	SecuriteInfo.com.Program.Unwanted.4747.12641.exe	Get hash	malicious	Unknown	Browse	37.9.8.75
	88f3p(1).exe	Get hash	malicious	Unknown	Browse	37.9.8.75
	Driverpackonline.exe	Get hash	malicious	Unknown	Browse	37.9.8.75
	f_004d39.exe	Get hash	malicious	Unknown	Browse	82.145.55.146

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
IOMART-ASGB	u8D2EDf5M2.elf	Get hash	malicious	Mirai	Browse	159.255.208.8
	EYhvUxUIsT.elf	Get hash	malicious	Mirai	Browse	85.232.45.199
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	78.129.210.187
	xmncOD7BwX.elf	Get hash	malicious	Mirai	Browse	46.20.235.73
	https://fixauthconnectapp.pages.dev/connection-module/	Get hash	malicious	Unknown	Browse	109.169.71.112
	xgxLxAfjCG.elf	Get hash	malicious	Mirai	Browse	37.220.16.45
	W0RBRi467A.elf	Get hash	malicious	Mirai, Moobot	Browse	193.37.77.224
	tjC7CVWKsG.elf	Get hash	malicious	Mirai, Moobot	Browse	193.37.77.224
	https://web3-bugfix.pages.dev/connect	Get hash	malicious	Unknown	Browse	109.169.71.112
	O4jtP3GIBN.elf	Get hash	malicious	Mirai	Browse	193.37.77.216
YANDEXRU	45brrQrxwH.exe	Get hash	malicious	AgentTesla	Browse	77.88.21.158
	http://www.makefun.online	Get hash	malicious	Captcha Phish	Browse	213.180.204.90
	http://marvin-occentus.net	Get hash	malicious	Unknown	Browse	87.250.251.119
	http://h.top4top.io	Get hash	malicious	Unknown	Browse	77.88.55.60
	https://www.tb-parts.ru/	Get hash	malicious	Unknown	Browse	77.88.55.60
	https://goo.su/mwrmX	Get hash	malicious	Unknown	Browse	77.88.55.60
	http://discovus.com	Get hash	malicious	Unknown	Browse	87.250.251.119
	https://telegra.ph/BTC-Transaction--702210-03-14?x85r	Get hash	malicious	Unknown	Browse	87.250.251.134
	https://steamfiller.ru/	Get hash	malicious	Unknown	Browse	93.158.134.119
	https://cchcontent.com/?k=d779c440edb57bd974c500d65f843657&type=mainstream&subtype=global&data1=pc	Get hash	malicious	Unknown	Browse	5.255.255.77
YANDEXRU	45brrQrxwH.exe	Get hash	malicious	AgentTesla	Browse	77.88.21.158
	http://www.makefun.online	Get hash	malicious	Captcha Phish	Browse	213.180.204.90
	http://marvin-occentus.net	Get hash	malicious	Unknown	Browse	87.250.251.119
	http://h.top4top.io	Get hash	malicious	Unknown	Browse	77.88.55.60
	https://www.tb-parts.ru/	Get hash	malicious	Unknown	Browse	77.88.55.60
	https://goo.su/mwrmX	Get hash	malicious	Unknown	Browse	77.88.55.60
	http://discovus.com	Get hash	malicious	Unknown	Browse	87.250.251.119
	https://telegra.ph/BTC-Transaction--702210-03-14?x85r	Get hash	malicious	Unknown	Browse	87.250.251.134
	https://steamfiller.ru/	Get hash	malicious	Unknown	Browse	93.158.134.119
	https://cchcontent.com/?k=d779c440edb57bd974c500d65f843657&type=mainstream&subtype=global&data1=pc	Get hash	malicious	Unknown	Browse	5.255.255.77
SELECTELRU	https://ssededeer3e.tilda.ws/	Get hash	malicious	Unknown	Browse	5.188.159.120
	SecuriteInfo.com.Linux.Siggen.9999.27109.28207.elf	Get hash	malicious	Mirai	Browse	5.189.235.211
	n0Rz1nI6i2.elf	Get hash	malicious	Gafgyt	Browse	94.154.33.25
	http://marvin-occentus.net	Get hash	malicious	Unknown	Browse	31.184.209.77
	http://discovus.com	Get hash	malicious	Unknown	Browse	31.184.209.76
	AMP4qOxnnc.elf	Get hash	malicious	Mirai	Browse	91.220.90.17
	i1crvbOZAP.exe	Get hash	malicious	Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	176.113.115.135
	https://marvin-occentus.net	Get hash	malicious	Unknown	Browse	31.184.209.76
	https://aireuropanews.com/pub/cc?_ri_=X0Gzc2X%3DAQjkPkSTSQGXniEKwJbWL5PiTtyMjBgmUasTGHsj8CU5zaEIzdvzfmgC1MAG7SzbgpdliPVXtpKX%3DDCTCRBRT&_ei_=EUvQ2AmkvAtM2JCfe9N8WkghoS1a1JqTEXUs1r2xUViFTNtndovYJ_C9G82vFFwzwBfK3JQ4ARh0uGqj0jqavv__L8fpzDwRLsx15O5GPB3hFEKL78tv4th66lSYPx5ov5Y.&_di_=8bclh645ink2pfrivcm088vbku61v10i0p89n7isfuju6iudu9s0	Get hash	malicious	Unknown	Browse	185.192.111.201
	vb75H26uOr.elf	Get hash	malicious	Mirai	Browse	91.220.90.12
CLOUDFLARENETUS	TNT Invoicing_pdf.vbs	Get hash	malicious	FormBook	Browse	172.67.215.45
	SWIFT.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	tmjGCGOEGMinVPD.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Cleared Payment.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	SAMPLE PURCHASE ORDER.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	http://139.144.214.53/5nXpDw325kdXA19thlgqqvurf31CSRUYYRTWNTDQNU30935IYSS28p9	Get hash	malicious	Phisher	Browse	104.21.54.167
	https://theredhendc.com	Get hash	malicious	Unknown	Browse	104.18.11.207
	Eaton PO-45150292964.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	hcjt7Ajt5t.exe	Get hash	malicious	LummaC	Browse	172.67.217.241
	45brrQrxwH.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	TNT Invoicing_pdf.vbs	Get hash	malicious	FormBook	Browse	77.88.21.119 172.67.209.192 87.250.250.119
	Credit_Details21367163050417024.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	77.88.21.119 172.67.209.192 87.250.250.119
	2llKbb9pR7.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, RedLine, SmokeLoader	Browse	77.88.21.119 172.67.209.192 87.250.250.119
	MdeeRbWvqe.exe	Get hash	malicious	LummaC, Babuk, Djvu, LummaC Stealer, RedLine, SmokeLoader	Browse	77.88.21.119 172.67.209.192 87.250.250.119
	SecuriteInfo.com.Trojan.Inject4.54824.15312.17403.exe	Get hash	malicious	Unknown	Browse	77.88.21.119 172.67.209.192 87.250.250.119
	file.exe	Get hash	malicious	Clipboard Hijacker, RisePro Stealer	Browse	77.88.21.119 172.67.209.192 87.250.250.119
	E1rGkXuAld.exe	Get hash	malicious	Mars Stealer, Vidar	Browse	77.88.21.119 172.67.209.192 87.250.250.119
	zquitaxghu.exe	Get hash	malicious	Mars Stealer, Vidar	Browse	77.88.21.119 172.67.209.192 87.250.250.119
	OjYcipehXr.exe	Get hash	malicious	Mars Stealer, Vidar	Browse	77.88.21.119 172.67.209.192 87.250.250.119
	DJWTW8Z47D.exe	Get hash	malicious	Mars Stealer, Vidar	Browse	77.88.21.119 172.67.209.192 87.250.250.119

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusA.exe	https://dl6.filehippo.com/9ca/d0f/98446f3cbe749084360b4e83104f93e9f8/DriverPack-17-Online_1633135298.1583503512.exe?signature=f544ef4cef081c8f022d05fe311fe272&expires=1695488281&url=https%3A%2F%2Ffilehippo.com%2Fdownload_driverpack-solution-online%2F&filename=DriverPack-17-Online_1633135298.1583503512.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online_365109709.1670493887__7q52rhqgwso3722.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online_365109709.1670493887__7q52rhqgwso3722.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online_749652650.1631058953__eqiqpdyx4midqk9.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online_174007544.1629221836__itapkqvv6k3n1w8.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online_814840505.1612300694.exe	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000\programs\AvastAntivirusWorldwideA.exe	https://dl6.filehippo.com/9ca/d0f/98446f3cbe749084360b4e83104f93e9f8/DriverPack-17-Online_1633135298.1583503512.exe?signature=f544ef4cef081c8f022d05fe311fe272&expires=1695488281&url=https%3A%2F%2Ffilehippo.com%2Fdownload_driverpack-solution-online%2F&filename=DriverPack-17-Online_1633135298.1583503512.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online_365109709.1670493887__7q52rhqgwso3722.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online_365109709.1670493887__7q52rhqgwso3722.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online_749652650.1631058953__eqiqpdyx4midqk9.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online_174007544.1629221836__itapkqvv6k3n1w8.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online.exe	Get hash	malicious	Unknown	Browse
	DriverPack-17-Online_814840505.1612300694.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Windows\SysWOW64\mshta.exe
File Type:	data
Category:	dropped
Size (bytes):	49120
Entropy (8bit):	0.0017331682157558962
Encrypted:	false
SSDEEP:	3:Ztt:T
MD5:	0392ADA071EB68355BED625D8F9695F3
SHA1:	777253141235B6C6AC92E17E297A1482E82252CC
SHA-256:	B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
SHA-512:	EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	8003
Entropy (8bit):	4.838950934453595
Encrypted:	false
SSDEEP:	192:Dxoe5nVsm5emdiVFn3eGOVpN6K3bkkjo5agkjDt4iWN3yBGHB9smMdcU6CDpOeik:N+VoGIpN6KQkj2xkjh4iUxeLib4J
MD5:	4C24412D4F060F4632C0BD68CC9ECB54
SHA1:	3856F6E5CCFF8080EC0DBAC6C25DD8A5E18205DF
SHA-256:	411F07FE2630E87835E434D00DC55E581BA38ECA0C2025913FB80066B2FFF2CE
SHA-512:	6538B1A33BF4234E20D156A87C1D5A4D281EFD9A5670A97D61E3A4D0697D5FFE37493B490C2E68F0D9A1FD0A615D0B2729D170008B3C15FA1DD6CAADDE985A1C
Malicious:	false
Preview:	PSMODULECACHE.....$7o..z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$7o..z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

Process:	C:\Users\user\Desktop\install_numarkidjliveii.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1592)
Category:	dropped
Size (bytes):	4663
Entropy (8bit):	5.131517392687573
Encrypted:	false
SSDEEP:	96:P22eKxBJq00+PVXzKOCzhBGbpgyvYQ+QNdzaCNqI51MSLDXBQH0BQwp55FT7mGXH:Pbe8BJq00iDJC1BGbpgyvYQ+QNdzaCN/
MD5:	EB0EA3E16F6F186BB4CCD4BCCB372AC9
SHA1:	FAF524E5FB1108417BB12E17C6AD8E09536546E0
SHA-256:	760C17FB8348F40535286960C6E6255AC25DB54DCC48F2AA4F3E24B8D07279BE
SHA-512:	D1ADC2B2B674CC755CB30E464FD8F304BB33555C4B35915A5E950C5569804B3E31C87D5466BEDEB11544DBC8F251CE4C64F2E05947CD0F9CE71975CF0474F737
Malicious:	false
Preview:	[if !(IE 6)]> >.<!DOCTYPE html>. <![endif]-->.<html style="background-color: #004777;">..<head>. <title>DriverPack Solution</title>.. { IE10 } -->. <meta http-equiv="X-UA-Compatible" content="IE=Edge" />. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <meta http-equiv="MSThemeCompatible" content="yes" />.. { FAVICON } -->. <link rel="shortcut icon" href="Tools\Icon.ico" type="image/x-icon" />.. { NO CACHE IE }-->. <meta http-equiv="cache-control" content="no-cache" />. <meta http-equiv="expires" content="0" />. <meta http-equiv="pragma" content="no-cache" />... { STYLES } -->. <link rel="stylesheet" type="text/css" href="css/normalize.min.css" />. <link rel="stylesheet" type="text/css" href="css/open-sans.css" />. <link rel="stylesheet" type="text/css" href="css/roboto.css" />. <link rel="stylesheet" type="text/css" href="css/proximanova.css" />. <link rel="stylesheet" type="text/css" href="css/icons-checkbox.css" /

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4ae, 9 symbols, created Wed Apr 17 08:56:37 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1364
Entropy (8bit):	4.044424358695229
Encrypted:	false
SSDEEP:	24:HJdiC9AWZfsVDfHJwK2fpmfII+ycuZhNkakSAPNnqSWd:zAWB6SKqpmg1ulka3YqSm
MD5:	9D873497BB7609286ACB3C794A6D8010
SHA1:	D15CD0B8F1818ECCAE9AE4E39CF52186BCF6C251
SHA-256:	D309EDB8D6108993F90B824058F8577423189BFABA572B72686E899FCAF94478
SHA-512:	8533BC1C0220269DACD416EB625C1B67783E4A02605A880CE137A6D79CBCBCF98BF0A57E9F57295215EB5242C85915278BF894070E0EA77F7C613603DB9F62C4
Malicious:	false
Preview:	L.....f.............debug$S........p...................@..B.rsrc$01........X.......T...........@..@.rsrc$02........P...^...............@..@........S....c:\Users\user\AppData\Local\Temp\na2e5gjd\CSC2CD567E8E04445B29892BAFC155E45E.TMP................~?bd.!U,%l1 U.Y...........4.......C:\Users\user\AppData\Local\Temp\RES4350.tmp.-.<....................a..Microsoft (R) CVTRES...=..cwd.C:\Users\user\AppData\Local\Temp\DriverPack-2024041790000.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...n.a.2.e.5.g.j.d...d.l.l.....(.....L.e.g.a.l.C.o.p.

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	2.94770277922009
Encrypted:	false
SSDEEP:	3:6Nn:6N
MD5:	47A22A7A342FD09177C62FCB8054933C
SHA1:	D2B7928A34EEDB04ACC61C3A0E01D3138295E855
SHA-256:	51E6AF14FA1E9032300DBF76A85CB8561E523E89C363CEC09CDC2128801A191D
SHA-512:	B9AB174618FE617B061E27C8F0D4B7960271952A67245C2AD6155E93E0C08CAB696191FBC7069C89F05FF545318F930CBD0DD7DC41B9CCA0E7356143D3B47D98
Malicious:	true
Preview:	Done 0 ..

Process:	C:\Windows\SysWOW64\netsh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.2359263506290326
Encrypted:	false
SSDEEP:	3:t:t
MD5:	F1CA165C0DA831C9A17D08C4DECBD114
SHA1:	D750F8260312A40968458169B496C40DACC751CA
SHA-256:	ACCF036232D2570796BF0ABF71FFE342DC35E2F07B12041FE739D44A06F36AF8
SHA-512:	052FF09612F382505B049EF15D9FB83E46430B5EE4EEFB0F865CD1A3A50FDFA6FFF573E0EF940F26E955270502D5774187CD88B90CD53792AC1F6DFA37E4B646
Malicious:	false
Preview:	Ok.....

File type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.996834269380051
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	install_numarkidjliveii.exe
File size:	4'887'336 bytes
MD5:	c82f01cd37f341209e6ac8c8848ec398
SHA1:	5fe0b58b02a3ea209ed4e9f7fca49b4ed775dc11
SHA256:	7919e9611d4b12ef001005e6af2b8f6c602aa3b4978b2a056e14bc41bd8fe024
SHA512:	ed9fa38bb5e2112ecc3cab55250ddc8d716474105012af93ecec50ccc0117c43d0275f65c10233cae648830f58f9fa0e06835fb382ea6951b17db9740672e2a1
SSDEEP:	98304:RVhXGFk6bKisL0v8Pxzb2XJtA0AxZiy/i3+H7lpAN/bM5qiqt:RWtsIE5oWns+H7luNTMY3
TLSH:	303633DCECE33B6CD5430E30A899E31B1673AF08418D494FDA99197A8C52FF252ADB45
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......V............................]C............@..................................(K....... ............................

Entrypoint:	0x40435d
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x569785C5 [Thu Jan 14 11:25:57 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	ffe3cc63e5a1efb4d2f4cc004c584646

Signature Valid:	false
Signature Issuer:	CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	A certificate was explicitly revoked by its issuer
Error Number:	-2146762484
Not Before, Not After	23/11/2018 01:00:00 24/11/2019 00:59:59
Subject Chain	CN="DRAIVERPAK, OOO", O="DRAIVERPAK, OOO", STREET="d. 3 str. 2 etazh 3 MANS K 1;2;3;3A, per. Likhov", L=Moscow, S=Moscow, PostalCode=127051, C=RU
Version:	3
Thumbprint MD5:	648D943AD2615D2E1E984074E76C1A29
Thumbprint SHA-1:	153208FBBA0E2D5858B688EA85A9915E929DF1FD
Thumbprint SHA-256:	D68634750B74F31977FDCC5FB9BC8883175FE0E2372C4CD8899EB7D6F985D726
Serial:	009570F354ADC3881C0567CFF0FA32C0D6

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2d000	0x1298	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3a000	0x6d80	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x4a4db8	0x4570
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8b00	0x8c00	3b664e8d86bd65d3dcb3e1c59dc1881d	False	0.5344029017857143	data	5.941147354153504	IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xa000	0xe0	0x200	174d41b6b663939999c70faff9abdb04	False	0.19921875	data	1.628933320000362	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xb000	0x69d8	0x6a00	2e94b0f8c7dac88bfe42920ea00f6dc2	False	0.7216244103773585	data	7.299408808107716	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss	0x12000	0x1ad00	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x2d000	0x1298	0x1400	899d4362854404933f947f6a31cda3d6	False	0.3720703125	data	5.179627324365848	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x2f000	0xb000	0x400	0f343b0931126a20f133d67c2b018a3b	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3a000	0x6d80	0x6e00	eb783b88c74b71647b7cc7da7503809f	False	0.4291193181818182	data	5.429225231001556	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x3a310	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.4387966804979253
RT_ICON	0x3c8b8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.5356472795497186
RT_ICON	0x3d960	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688	English	United States	0.4546908315565032
RT_ICON	0x3e808	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	English	United States	0.5852888086642599
RT_ICON	0x3f0b0	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1536	English	United States	0.2652439024390244
RT_ICON	0x3f718	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	English	United States	0.6777456647398844
RT_ICON	0x3fc80	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6923758865248227
RT_ICON	0x400e8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.3897849462365591
RT_ICON	0x403d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.543918918918919
RT_DIALOG	0x404f8	0x246	data	English	United States	0.38316151202749144
RT_DIALOG	0x40740	0x104	data	English	United States	0.6076923076923076
RT_DIALOG	0x40848	0xee	data	English	United States	0.6092436974789915
RT_GROUP_ICON	0x40938	0x84	data	English	United States	0.6136363636363636
RT_MANIFEST	0x409c0	0x3c0	XML 1.0 document, ASCII text, with very long lines (960), with no line terminators	English	United States	0.5197916666666667

DLL	Import
ADVAPI32.dll	RegCloseKey, RegCreateKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA
COMCTL32.DLL	ImageList_AddMasked, ImageList_Create, ImageList_Destroy, InitCommonControls
GDI32.dll	CreateBrushIndirect, CreateFontIndirectA, DeleteObject, GetDeviceCaps, SelectObject, SetBkColor, SetBkMode, SetTextColor
KERNEL32.dll	CloseHandle, CompareFileTime, CopyFileA, CreateDirectoryA, CreateFileA, CreateProcessA, CreateThread, DeleteFileA, ExitProcess, ExpandEnvironmentStringsA, FindClose, FindFirstFileA, FindNextFileA, FreeLibrary, GetCommandLineA, GetCurrentProcess, GetDiskFreeSpaceA, GetExitCodeProcess, GetFileAttributesA, GetFileSize, GetFullPathNameA, GetLastError, GetModuleFileNameA, GetModuleHandleA, GetPrivateProfileStringA, GetProcAddress, GetShortPathNameA, GetSystemDirectoryA, GetTempFileNameA, GetTempPathA, GetTickCount, GetVersion, GetWindowsDirectoryA, GlobalAlloc, GlobalFree, GlobalLock, GlobalUnlock, LoadLibraryA, LoadLibraryExA, MoveFileA, MulDiv, MultiByteToWideChar, ReadFile, RemoveDirectoryA, SearchPathA, SetCurrentDirectoryA, SetErrorMode, SetFileAttributesA, SetFilePointer, SetFileTime, Sleep, WaitForSingleObject, WriteFile, WritePrivateProfileStringA, lstrcatA, lstrcmpA, lstrcmpiA, lstrcpynA, lstrlenA
ole32.dll	CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
SHELL32.dll	SHBrowseForFolderA, SHFileOperationA, SHGetFileInfoA, SHGetPathFromIDListA, SHGetSpecialFolderLocation, ShellExecuteA
USER32.dll	AppendMenuA, BeginPaint, CallWindowProcA, CharNextA, CharPrevA, CheckDlgButton, CloseClipboard, CreateDialogParamA, CreatePopupMenu, CreateWindowExA, DefWindowProcA, DestroyWindow, DialogBoxParamA, DispatchMessageA, DrawTextA, EmptyClipboard, EnableMenuItem, EnableWindow, EndDialog, EndPaint, ExitWindowsEx, FillRect, FindWindowExA, GetClassInfoA, GetClientRect, GetDC, GetDlgItem, GetDlgItemTextA, GetMessagePos, GetSysColor, GetSystemMenu, GetSystemMetrics, GetWindowLongA, GetWindowRect, InvalidateRect, IsWindow, IsWindowEnabled, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadImageA, MessageBoxIndirectA, OpenClipboard, PeekMessageA, PostQuitMessage, RegisterClassA, ScreenToClient, SendMessageA, SendMessageTimeoutA, SetClassLongA, SetClipboardData, SetCursor, SetDlgItemTextA, SetForegroundWindow, SetTimer, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, SystemParametersInfoA, TrackPopupMenu, wsprintfA

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 17, 2024 09:00:06.461725950 CEST	56764	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:00:06.744869947 CEST	53	56764	1.1.1.1	192.168.2.4
Apr 17, 2024 09:00:08.694358110 CEST	52257	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:00:08.800857067 CEST	53	52257	1.1.1.1	192.168.2.4
Apr 17, 2024 09:00:11.242621899 CEST	56841	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:00:11.245672941 CEST	51224	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:00:11.347801924 CEST	53	56841	1.1.1.1	192.168.2.4
Apr 17, 2024 09:00:11.364722967 CEST	53	51224	1.1.1.1	192.168.2.4
Apr 17, 2024 09:00:21.885179043 CEST	60024	53	192.168.2.4	1.1.1.1
Apr 17, 2024 09:00:21.990427971 CEST	53	60024	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 09:00:06.856579065 CEST	326	OUT	GET /allfont.css?fonts=lucida-console HTTP/1.1 Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: allfont.ru Connection: Keep-Alive
Apr 17, 2024 09:00:06.972336054 CEST	684	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 17 Apr 2024 07:00:06 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=3600 Expires: Wed, 17 Apr 2024 08:00:06 GMT Location: https://allfont.ru/allfont.css?fonts=lucida-console Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m0Fo0IntIDtOyF3qVmuC%2FHNXbLbFvpW0oGBQdEypQ30dqKHaw9gmucAbtHZlO5rAshPj%2BSP4Rxy0v6n%2FKTYZXctuTXMPD5%2BiZwRZM6iHMK1yMJhvDpe%2B%2BVlEE5pZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 875a89473fa1674b-ATL alt-svc: h3=":443"; ma=86400 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 09:00:08.996839046 CEST	383	OUT	POST /api/session HTTP/1.1 Accept: / Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: auth.drp.su Content-Length: 2 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:08.996927977 CEST	6	OUT	Data Raw: 7b 7d Data Ascii: {}
Apr 17, 2024 09:00:09.193353891 CEST	274	IN	HTTP/1.1 401 Unauthorized Vary: Accept-Encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE Content-Type: text/plain; charset=utf-8 Content-Length: 12 Date: Wed, 17 Apr 2024 07:00:09 GMT Connection: keep-alive Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 Data Ascii: Unauthorized

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 09:00:11.580133915 CEST	699	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 0 x-drp-client-time: 2024-04-17T07:00:10.375Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 192 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:11.794446945 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:10 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:21.925621033 CEST	192	OUT	Data Raw: 7b 22 6c 76 6c 22 3a 22 69 6e 66 6f 22 2c 22 74 61 67 73 22 3a 5b 5d 2c 22 6e 61 6d 65 73 70 61 63 65 22 3a 22 64 72 69 76 65 72 50 61 63 6b 53 6f 6c 75 74 69 6f 6e 56 65 72 73 69 6f 6e 3a 64 65 66 69 6e 65 64 22 2c 22 6d 65 73 73 61 67 65 22 3a Data Ascii: {"lvl":"info","tags":[],"namespace":"driverPackSolutionVersion:defined","message":"DriverPack Solution 17.10.7 Online","params":{"driverPackSolution":{"version":"17.10.7","verType":"Online"}}}

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 09:00:11.580157042 CEST	297	OUT	GET / HTTP/1.1 Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Connection: Keep-Alive
Apr 17, 2024 09:00:11.794415951 CEST	366	IN	HTTP/1.1 200 OK Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:10 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive GeoIP: RO Content-Encoding: gzip Data Raw: 38 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 2d 8e b1 0e c2 30 10 43 e7 f2 15 51 76 08 33 5c 3a 31 32 20 aa 7e 40 68 0e 25 22 4d ca f5 52 89 bf a7 47 99 6c d9 96 9e 21 f0 98 da 5d 03 01 9d 5f b5 01 8e 9c b0 bd 50 5c 90 6e 6e 78 a9 ae a4 ca b1 64 30 5b 25 a3 11 d9 a9 c0 3c ed f1 5d e3 62 35 e1 93 70 0e 5a 0d 25 33 66 b6 fa 78 56 fd fd 6a 65 74 32 c6 d3 74 98 ab d1 82 32 7f 16 3c 8a ff 08 53 b2 cd af dd ef cf 17 8f 72 b0 d0 97 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 8d-0CQv3\:12 ~@h%"MRGl!]_P\nnxd0[%<]b5pZ%3fxVjet2t2<Sr0
Apr 17, 2024 09:00:11.797365904 CEST	699	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 1 x-drp-client-time: 2024-04-17T07:00:10.377Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 191 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:12.011518002 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:11 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:21.925559998 CEST	191	OUT	Data Raw: 7b 22 6c 76 6c 22 3a 22 69 6e 66 6f 22 2c 22 74 61 67 73 22 3a 5b 5d 2c 22 6e 61 6d 65 73 70 61 63 65 22 3a 22 64 72 69 76 65 72 50 61 63 6b 53 6f 6c 75 74 69 6f 6e 42 75 69 6c 64 3a 64 65 66 69 6e 65 64 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 42 Data Ascii: {"lvl":"info","tags":[],"namespace":"driverPackSolutionBuild:defined","message":"Build development deeef8c 2019-04-05","params":{"env":"development","sha":"deeef8c","buildDate":"2019-04-05"}}

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 09:00:11.640773058 CEST	164	OUT	GET /v2/soft/?callback HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: update.drp.su
Apr 17, 2024 09:00:11.855341911 CEST	536	IN	HTTP/1.1 200 OK Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:11 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive GeoIP: RO Data Raw: 38 31 63 64 0d 0a 74 72 79 20 7b 0a 20 20 76 61 72 20 67 65 6f 69 70 20 3d 20 7b 0a 09 09 09 67 65 6f 69 70 5f 61 72 65 61 5f 63 6f 64 65 3a 20 22 30 22 2c 0a 09 09 09 67 65 6f 69 70 5f 63 69 74 79 3a 20 22 22 2c 0a 09 09 09 67 65 6f 69 70 5f 63 69 74 79 5f 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 3a 20 22 45 55 22 2c 0a 09 09 09 67 65 6f 69 70 5f 63 69 74 79 5f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3a 20 22 52 4f 22 2c 0a 09 09 09 67 65 6f 69 70 5f 63 69 74 79 5f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 33 3a 20 22 52 4f 55 22 2c 0a 09 09 09 67 65 6f 69 70 5f 63 69 74 79 5f 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 3a 20 22 52 6f 6d 61 6e 69 61 22 2c 0a 09 09 09 67 65 6f 69 70 5f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 3a 20 22 52 4f 22 2c 0a 09 09 09 67 65 6f 69 70 5f 63 6f 75 6e 74 72 79 5f 63 6f 64 65 33 3a 20 22 52 4f 55 22 2c 0a 09 09 09 67 65 6f 69 70 5f 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 3a 20 22 52 6f 6d 61 6e 69 61 22 2c 0a 09 09 09 67 65 6f 69 70 5f 64 6d 61 5f 63 6f 64 65 3a 20 22 30 22 2c 0a 09 09 09 67 65 6f 69 70 5f 6c 61 Data Ascii: 81cdtry { var geoip = {geoip_area_code: "0",geoip_city: "",geoip_city_continent_code: "EU",geoip_city_country_code: "RO",geoip_city_country_code3: "ROU",geoip_city_country_name: "Romania",geoip_country_code: "RO",geoip_country_code3: "ROU",geoip_country_name: "Romania",geoip_dma_code: "0",geoip_la
Apr 17, 2024 09:00:11.855379105 CEST	536	IN	Data Raw: 74 69 74 75 64 65 3a 20 22 34 36 2e 30 30 30 30 22 2c 0a 09 09 09 67 65 6f 69 70 5f 6c 6f 6e 67 69 74 75 64 65 3a 20 22 32 35 2e 30 30 30 30 22 2c 0a 09 09 09 67 65 6f 69 70 5f 6f 72 67 3a 20 22 22 2c 0a 09 09 09 67 65 6f 69 70 5f 70 6f 73 74 61 Data Ascii: titude: "46.0000",geoip_longitude: "25.0000",geoip_org: "",geoip_postal_code: "",geoip_region: "",geoip_region_name: ""}; window.geoip = geoip;} catch (err) { window.geoip = {};}try { window.modelData = window.
Apr 17, 2024 09:00:11.855412006 CEST	536	IN	Data Raw: 20 20 27 4c 55 27 2c 0a 20 20 27 4c 56 27 2c 0a 20 20 27 4d 54 27 2c 0a 20 20 27 4e 4c 27 2c 0a 20 20 27 50 4c 27 2c 0a 20 20 27 50 54 27 2c 0a 20 20 27 52 4f 27 2c 0a 20 20 27 53 45 27 2c 0a 20 20 27 53 49 27 2c 0a 20 20 27 53 4b 27 0a 5d 3b 0a Data Ascii: 'LU', 'LV', 'MT', 'NL', 'PL', 'PT', 'RO', 'SE', 'SI', 'SK'];var usaLocalesOpera = [ ];var euLocalesOpera = [ ];var cisLocales = [ 'RU', 'AZ', 'AM', 'BY', 'KZ', 'KG', 'MD', 'TJ', 'TM', 'UZ', 'GE',
Apr 17, 2024 09:00:11.855446100 CEST	536	IN	Data Raw: 20 7c 7c 20 28 65 75 4c 6f 63 61 6c 65 73 2e 69 6e 64 65 78 4f 66 28 67 65 6f 29 20 21 3d 3d 20 2d 31 29 29 20 7b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 20 7d 0a 20 20 69 66 20 28 63 6c 6f 75 64 4c 6f 63 61 6c 65 73 2e 69 6e 64 65 78 4f 66 28 Data Ascii: \|\| (euLocales.indexOf(geo) !== -1)) { return false; } if (cloudLocales.indexOf(geo) !== -1) { return true; } if (window.lang !== 'ru') { return false; } return true;}function isCloudInstalled (data) { if (data.system.RegExists('HKL
Apr 17, 2024 09:00:11.855479002 CEST	536	IN	Data Raw: 27 50 75 62 6c 69 73 68 65 72 27 3a 20 27 49 67 6f 72 20 50 61 76 6c 6f 76 27 2c 0a 20 20 20 20 27 52 61 74 69 6e 67 27 3a 20 35 2c 0a 20 20 20 20 27 43 68 65 63 6b 65 64 27 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 27 56 65 72 73 69 6f 6e 27 3a 20 Data Ascii: 'Publisher': 'Igor Pavlov', 'Rating': 5, 'Checked': false, 'Version': '21.03', 'ReleaseDate': '2014-07-30', 'UpdateDate': '2021-07-21', 'Registry_32': 'HKCU\\Software\\7-Zip\\Path', 'Keys': '/S', 'Category': 'Ar
Apr 17, 2024 09:00:11.855513096 CEST	536	IN	Data Raw: 65 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 3b 0a 20 20 20 20 20 20 72 65 74 75 72 6e 20 28 75 73 61 4c 6f 63 61 6c 65 73 2e 69 6e 64 65 78 4f 66 28 67 65 6f 29 20 3d 3d 3d 20 2d 31 29 20 26 26 20 28 65 75 4c 6f 63 61 6c 65 73 2e 69 6e 64 65 78 Data Ascii: e.toUpperCase(); return (usaLocales.indexOf(geo) === -1) && (euLocales.indexOf(geo) === -1); }, 'IsPartner': false, 'Lang': '', 'priority': 1001 }, { 'ID': '3', 'Name': 'Opera x64', 'localizedName': {
Apr 17, 2024 09:00:11.855546951 CEST	536	IN	Data Raw: 6c 65 61 73 65 44 61 74 65 27 3a 20 27 32 30 31 37 2d 31 30 2d 30 34 27 2c 0a 20 20 20 20 27 55 70 64 61 74 65 44 61 74 65 27 3a 20 27 32 30 32 33 2d 31 30 2d 32 34 27 2c 0a 20 20 20 20 27 52 65 67 69 73 74 72 79 5f 33 32 27 3a 20 27 48 4b 43 55 Data Ascii: leaseDate': '2017-10-04', 'UpdateDate': '2023-10-24', 'Registry_32': 'HKCU\\Software\\Opera Software\\UUID', 'CheckInstalled': function (data) { return data.diagnostics.checkSoft.checkSoftInstalled(/^Opera /i); }, 'Ke
Apr 17, 2024 09:00:11.855582952 CEST	536	IN	Data Raw: 46 61 73 74 2c 20 73 65 63 75 72 65 2c 20 65 61 73 79 2d 74 6f 2d 75 73 65 20 62 72 6f 77 73 65 72 20 77 69 74 68 20 61 20 62 75 69 6c 74 2d 69 6e 20 61 64 20 62 6c 6f 63 6b 65 72 2c 20 62 61 74 74 65 72 79 20 73 61 76 65 72 20 61 6e 64 20 66 72 Data Ascii: Fast, secure, easy-to-use browser with a built-in ad blocker, battery saver and free VPN', 'ru': ',
Apr 17, 2024 09:00:11.855617046 CEST	536	IN	Data Raw: 65 28 29 3b 0a 20 20 20 20 20 20 69 66 20 28 28 75 73 61 4c 6f 63 61 6c 65 73 4f 70 65 72 61 2e 69 6e 64 65 78 4f 66 28 67 65 6f 29 20 21 3d 3d 20 2d 31 29 20 7c 7c 20 28 65 75 4c 6f 63 61 6c 65 73 4f 70 65 72 61 2e 69 6e 64 65 78 4f 66 28 67 65 Data Ascii: e(); if ((usaLocalesOpera.indexOf(geo) !== -1) \|\| (euLocalesOpera.indexOf(geo) !== -1)) { return false; } if (geo === 'RU') return false; return true; }, 'Lang': '', 'IsPartner': true, 'priority': 41 }, {
Apr 17, 2024 09:00:11.855650902 CEST	536	IN	Data Raw: 27 52 61 74 69 6e 67 27 3a 20 35 2c 0a 20 20 20 20 27 43 68 65 63 6b 65 64 27 3a 20 74 72 75 65 2c 0a 20 20 20 20 27 56 65 72 73 69 6f 6e 27 3a 20 27 36 34 2e 30 2e 33 34 31 37 2e 37 33 27 2c 0a 20 20 20 20 27 52 65 6c 65 61 73 65 44 61 74 65 27 Data Ascii: 'Rating': 5, 'Checked': true, 'Version': '64.0.3417.73', 'ReleaseDate': '2017-10-04', 'UpdateDate': '2019-10-24', 'Registry_32': 'HKCU\\Software\\Opera Software\\UUID', 'CheckInstalled': function (data) { return d
Apr 17, 2024 09:00:12.070053101 CEST	536	IN	Data Raw: 74 27 3a 20 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 70 65 72 61 2e 63 6f 6d 2f 63 6f 6d 70 75 74 65 72 27 2c 0a 20 20 20 20 27 44 65 73 63 72 69 70 74 69 6f 6e 27 3a 20 7b 0a 20 20 20 20 20 20 27 65 6e 27 3a 20 27 46 61 73 74 2c 20 73 65 63 75 Data Ascii: t': 'https://www.opera.com/computer', 'Description': { 'en': 'Fast, secure, easy-to-use browser with a built-in ad blocker, battery saver and free VPN', 'ru': ',

Timestamp	Bytes transferred	Direction	Data
Apr 17, 2024 09:00:22.140693903 CEST	699	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 3 x-drp-client-time: 2024-04-17T07:00:10.380Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 132 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:22.140775919 CEST	132	OUT	Data Raw: 7b 22 6c 76 6c 22 3a 22 69 6e 66 6f 22 2c 22 74 61 67 73 22 3a 5b 5d 2c 22 6e 61 6d 65 73 70 61 63 65 22 3a 22 4f 53 3a 64 65 66 69 6e 65 64 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 20 78 36 34 22 2c 22 70 Data Ascii: {"lvl":"info","tags":[],"namespace":"OS:defined","message":"Windows 10 Pro x64","params":{"OSCaption":"Windows 10 Pro","arch":"64"}}
Apr 17, 2024 09:00:22.354866982 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:21 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:22.355197906 CEST	699	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 4 x-drp-client-time: 2024-04-17T07:00:10.382Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 177 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:22.355453968 CEST	177	OUT	Data Raw: 7b 22 6c 76 6c 22 3a 22 69 6e 66 6f 22 2c 22 74 61 67 73 22 3a 5b 5d 2c 22 6e 61 6d 65 73 70 61 63 65 22 3a 22 73 65 73 73 69 6f 6e 49 64 3a 64 65 66 69 6e 65 64 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 53 65 73 73 69 6f 6e 49 64 20 63 65 61 30 37 Data Ascii: {"lvl":"info","tags":[],"namespace":"sessionId:defined","message":"SessionId cea07484-f06c-4cd3-9c38-882915f814e6","params":{"sessionId":"cea07484-f06c-4cd3-9c38-882915f814e6"}}
Apr 17, 2024 09:00:22.569616079 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:21 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:22.569960117 CEST	698	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 6 x-drp-client-time: 2024-04-17T07:00:10.385Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 90 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:22.784179926 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:21 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:22.790896893 CEST	90	OUT	Data Raw: 7b 22 6c 76 6c 22 3a 22 69 6e 66 6f 22 2c 22 74 61 67 73 22 3a 5b 5d 2c 22 6e 61 6d 65 73 70 61 63 65 22 3a 22 73 6f 66 74 4a 73 3a 63 61 6c 6c 65 64 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 73 6f 66 74 4a 73 20 63 61 6c 6c 65 64 22 2c 22 70 61 72 Data Ascii: {"lvl":"info","tags":[],"namespace":"softJs:called","message":"softJs called","params":{}}
Apr 17, 2024 09:00:22.791131020 CEST	699	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 8 x-drp-client-time: 2024-04-17T07:00:10.446Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 113 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:22.792413950 CEST	113	OUT	Data Raw: 7b 22 6c 76 6c 22 3a 22 69 6e 66 6f 22 2c 22 74 61 67 73 22 3a 5b 5d 2c 22 6e 61 6d 65 73 70 61 63 65 22 3a 22 63 6f 72 65 3a 61 6e 74 69 76 69 72 75 73 3a 69 6e 69 74 3a 6e 6f 74 2d 66 6f 75 6e 64 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 6e 6f 20 Data Ascii: {"lvl":"info","tags":[],"namespace":"core:antivirus:init:not-found","message":"no antiviruses found","params":{}}
Apr 17, 2024 09:00:23.005302906 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:22 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:23.005609035 CEST	699	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 10 x-drp-client-time: 2024-04-17T07:00:13.934Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 99 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:23.090564966 CEST	99	OUT	Data Raw: 7b 22 6c 76 6c 22 3a 22 69 6e 66 6f 22 2c 22 74 61 67 73 22 3a 5b 5d 2c 22 6e 61 6d 65 73 70 61 63 65 22 3a 22 73 79 73 74 65 6d 53 63 61 6e 6e 65 72 3a 72 75 6e 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 73 79 73 74 65 6d 20 73 63 61 6e 6e 65 72 20 Data Ascii: {"lvl":"info","tags":[],"namespace":"systemScanner:run","message":"system scanner run","params":{}}
Apr 17, 2024 09:00:23.219816923 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:22 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:23.220180988 CEST	701	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 12 x-drp-client-time: 2024-04-17T07:00:14.086Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 1282 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:23.413616896 CEST	1282	OUT	Data Raw: 7b 22 6c 76 6c 22 3a 22 77 61 72 6e 22 2c 22 74 61 67 73 22 3a 5b 22 71 75 69 63 6b 73 74 61 72 74 22 5d 2c 22 6e 61 6d 65 73 70 61 63 65 22 3a 22 73 79 73 74 65 6d 53 63 61 6e 6e 65 72 3a 71 75 69 63 6b 73 74 61 72 74 4a 73 6f 6e 3a 66 61 69 6c Data Ascii: {"lvl":"warn","tags":["quickstart"],"namespace":"systemScanner:quickstartJson:failed","message":"drivers.json error","params":{"task":"drivers","error":{"description":"File is not found","stack":"Error: File is not found\n at exports.queryFi
Apr 17, 2024 09:00:23.434396982 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:22 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:23.434669018 CEST	704	OUT	POST /api/select HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 14 x-drp-client-time: 2024-04-17T07:00:19.867Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 16467 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:23.435101032 CEST	15468	OUT	Data Raw: 7b 22 64 65 76 69 63 65 73 22 3a 5b 7b 22 64 65 76 69 63 65 49 64 22 3a 22 53 57 44 5c 5c 4d 53 52 52 41 53 5c 5c 4d 53 5f 4e 44 49 53 57 41 4e 42 48 22 2c 22 73 74 61 74 75 73 22 3a 22 4f 4b 22 2c 22 73 74 61 74 75 73 43 6f 64 65 22 3a 30 2c 22 Data Ascii: {"devices":[{"deviceId":"SWD\\MSRRAS\\MS_NDISWANBH","status":"OK","statusCode":0,"classGuid":"{4d36e972-e325-11ce-bfc1-08002be10318}","hardwareId":["SWD\\MSRRAS"]},{"deviceId":"ROOT\\MSSMBIOS\\0000","status":"OK","statusCode":0,"classGuid":"{4
Apr 17, 2024 09:00:23.649039984 CEST	999	OUT	Data Raw: 43 38 46 30 31 34 42 33 41 36 34 35 7d 22 2c 22 73 74 61 74 75 73 22 3a 22 4f 4b 22 2c 22 73 74 61 74 75 73 43 6f 64 65 22 3a 30 2c 22 63 6c 61 73 73 47 75 69 64 22 3a 22 7b 31 65 64 32 62 62 66 39 2d 31 31 66 30 2d 34 30 38 34 2d 62 32 31 66 2d Data Ascii: C8F014B3A645}","status":"OK","statusCode":0,"classGuid":"{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}","hardwareId":["SWD\\PRINTENUM"]},{"deviceId":"HID\\VID_0E0F&PID_0003&MI_00\\7&10DF666E&0&0000","status":"OK","statusCode":0,"classGuid":"{4d36e96f
Apr 17, 2024 09:00:23.949829102 CEST	536	IN	HTTP/1.1 200 OK Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:23 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE ETag: "3f41-3LpeHYnPBHw2PXXTyixPqAi0NE8" Content-Encoding: gzip Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate Data Raw: 61 38 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5b 79 6f db 38 16 ff 2a 81 17 30 66 80 d0 21 45 89 a2 f2 d7 92 22 95 18 f1 b5 96 9d 6e 5a 17 82 1b ab 33 c6 38 07 6c a7 dd 4e 90 ef be a4 64 3b 96 ad 33 ae 8b ed a2 bd 62 eb 3d be c7 e3 f7 4e aa cf b5 bb 70 39 ae 9d 3f d7 16 cb f1 f2 69 51 3b af 75 af 6a 2f a7 Data Ascii: a8e[yo8*0f!E"nZ38lNd;3b=Np9?iQ;uj/
Apr 17, 2024 09:00:23.949871063 CEST	536	IN	Data Raw: b5 c9 58 3f fe f0 5c 9b 84 5f a6 b7 61 73 a2 28 fe 3b 31 1a b5 fd 7e 9f f9 fa 67 d0 11 4d ff 1d eb f0 cb da 69 ed cf f1 7c f2 75 3c 8f 18 3f 6c 73 d6 3e 9e d6 ee c6 d3 fb 5d 09 6a cc 64 3e fd 12 ce 95 ce 0f 1f 5f 4e 13 9a fa dd ee 40 33 fa 6d de Data Ascii: X?\_as(;1~gMi\|u<?ls>]jd>_N@3m*ePSdJ!bn9:=Bc42$Z<%=W1^NBB^Zfrcd1Qkp@TBu{aV?T_48]`bt-\CCL-c>vOexv9}'+Z\tV9
Apr 17, 2024 09:00:23.949903965 CEST	536	IN	Data Raw: 3f 53 ae 70 36 8b b6 fa f2 e1 e1 2f 75 3c f7 4f b3 d9 69 4d 3d 7c f8 ba 3a da e9 62 f3 4d 9b fa db 11 68 9b 78 e2 dc ee 23 30 9c 38 0e a4 05 08 14 b2 d5 3a 0c 82 1b 1b f4 a0 89 a0 41 cb 42 52 84 b3 d9 49 f3 fe b6 f1 0a c6 e8 91 06 a1 75 26 d7 a8 Data Ascii: ?Sp6/u<OiM=\|:bMhx#08:ABRIu&T_f351g?OGb\|?Mi1v-\|kHv_IqwbP_pOg_,O~]r4R-UAL(n;Cv]rBJ" `2WvWFmUCeM
Apr 17, 2024 09:00:23.995758057 CEST	702	OUT	POST /api/events HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 17 x-drp-client-time: 2024-04-17T07:00:23.122Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 229 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:24.210232973 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:23 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:25.992177010 CEST	700	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 19 x-drp-client-time: 2024-04-17T07:00:23.138Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 873 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:26.206655025 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:25 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:26.207082033 CEST	699	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 22 x-drp-client-time: 2024-04-17T07:00:25.109Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 97 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:26.421260118 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:25 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:26.422586918 CEST	700	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 23 x-drp-client-time: 2024-04-17T07:00:25.113Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 155 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:26.636701107 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:25 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:28.788172007 CEST	701	OUT	POST /api/logs HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 26 x-drp-client-time: 2024-04-17T07:00:27.881Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 1282 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:29.002321005 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:28 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:29.746598959 CEST	702	OUT	POST /api/events HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 28 x-drp-client-time: 2024-04-17T07:00:28.246Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 186 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:29.961041927 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:29 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:30.199465990 CEST	702	OUT	POST /api/events HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 30 x-drp-client-time: 2024-04-17T07:00:28.260Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 147 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:30.413564920 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:29 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive
Apr 17, 2024 09:00:30.662789106 CEST	702	OUT	POST /api/events HTTP/1.1 Accept: / x-api-version: 1.1 x-drp-client-id: 589230014.4837132694 x-drp-computer-id: 206505393.0266497710 x-drp-session-id: cea07484-f06c-4cd3-9c38-882915f814e6 x-drp-application: driverpack online x-drp-version: 17.10.7 Online x-drp-experiment: (not set) x-drp-index: 32 x-drp-client-time: 2024-04-17T07:00:28.277Z Content-Type: application/json Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: update.drp.su Content-Length: 153 Connection: Keep-Alive Cache-Control: no-cache
Apr 17, 2024 09:00:30.877798080 CEST	176	IN	HTTP/1.1 202 Accepted Server: nginx/1.10.3 (Ubuntu) Date: Wed, 17 Apr 2024 07:00:30 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: keep-alive

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report install_numarkidjliveii.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

System Summary

Data Obfuscation

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\30541482[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\33423178[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\46420341[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\advert[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\allfont[1].css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\collect[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\collect[2].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\30541482[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\33423178[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\46420341[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\COARH4S2.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\collect[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sync_cookie_image_decide_secondary[1].gif

Windows Analysis Report
install_numarkidjliveii.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:00:07 UTC	326	OUT	GET /allfont.css?fonts=lucida-console HTTP/1.1 Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Connection: Keep-Alive Host: allfont.ru
2024-04-17 07:00:07 UTC	665	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 17 Apr 2024 07:00:07 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close location: https://allfont.ru/allfont.css?fonts=lucida-console Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wt44Z%2BgTgs9hGN%2FL2o8RyLog6S4qhPOx%2BZKVAaJFb%2FBvYhhGrBItRf8Yc2Jsgaq8fXVQOAXu8duwEXZnX2mAflTMXGZ4lbwVk%2BqgcRbe%2B86sKJjjlv7uRA%2FKX7Iy"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 875a894a59227ba6-ATL alt-svc: h3=":443"; ma=86400
2024-04-17 07:00:07 UTC	175	IN	Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.25.3</center></body></html>
2024-04-17 07:00:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:00:11 UTC	312	OUT	GET /metrika/watch.js HTTP/1.1 Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: mc.yandex.ru Connection: Keep-Alive
2024-04-17 07:00:12 UTC	1279	IN	HTTP/1.1 200 OK Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Accept-Ranges: bytes Access-Control-Allow-Origin: * Cache-Control: max-age=3600 Connection: Close Content-Length: 167357 Content-Type: application/javascript Date: Wed, 17 Apr 2024 07:00:12 GMT ETag: "6617c30c-28dbd" Expires: Wed, 17 Apr 2024 08:00:12 GMT Last-Modified: Thu, 11 Apr 2024 11:01:32 GMT Set-Cookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; domain=.yandex.ru; path=/; expires=Sat, 15 Apr 2034 07:00:12 GMT; secure Set-Cookie: i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; Expires=Fri, 17-Apr-2026 07:00:12 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly Set-Cookie: yandexuid=2692244731713337212; Expires=Fri, 17-Apr-2026 07:00:12 GMT; Domain=.yandex.ru; Path=/; Secure Set-Cookie: yashr=3469293421713337212; Path=/; Domain=.yandex.ru; Expires=Thu, 17 Apr 2025 07:00:12 GMT; Secure; HttpOnly Strict-Transport-Security: max-age=31536000 Timing-Allow-Origin: *
2024-04-17 07:00:12 UTC	7116	IN	Data Raw: ef bb bf 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 77 65 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 72 65 74 75 72 6e 20 78 28 77 69 6e 64 6f 77 2c 22 63 2e 69 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 66 28 44 29 7b 28 44 3d 78 65 28 6c 2c 6d 2c 22 22 2c 44 29 28 6c 2c 6d 29 29 26 26 28 58 28 44 2e 74 68 65 6e 29 3f 44 2e 74 68 65 6e 28 67 29 3a 67 28 44 29 29 3b 72 65 74 75 72 6e 20 44 7d 66 75 6e 63 74 69 6f 6e 20 67 28 44 29 7b 44 26 26 28 58 28 44 29 3f 71 2e 70 75 73 68 28 44 29 3a 63 61 28 44 29 26 26 79 28 66 75 6e 63 74 69 6f 6e 28 4e 29 7b 76 61 72 20 4d 3d 4e 5b 30 5d 3b 4e 3d 4e 5b 31 5d 3b 58 28 4e 29 26 26 28 22 75 22 3d 3d 3d 4d Data Ascii: (function(){try{(function(){function we(a,b,c,d){var e=this;return x(window,"c.i",function(){function f(D){(D=xe(l,m,"",D)(l,m))&&(X(D.then)?D.then(g):g(D));return D}function g(D){D&&(X(D)?q.push(D):ca(D)&&y(function(N){var M=N[0];N=N[1];X(N)&&("u"===M
2024-04-17 07:00:12 UTC	8168	IN	Data Raw: 74 65 3d 77 62 28 63 29 29 3b 62 2e 70 61 72 61 6d 73 28 28 67 3d 7b 7d 2c 67 2e 5f 5f 79 6d 3d 64 2c 67 29 29 7d 66 75 6e 63 74 69 6f 6e 20 4b 67 28 61 2c 62 29 7b 76 61 72 20 63 3d 6e 28 62 2c 22 74 61 72 67 65 74 22 29 3b 69 66 28 63 29 7b 76 61 72 20 64 3d 6e 28 63 2c 22 76 61 6c 75 65 22 29 3b 69 66 28 28 64 3d 53 61 28 64 29 29 26 26 21 28 31 30 30 3c 3d 50 61 28 64 29 29 29 7b 76 61 72 20 65 3d 22 74 65 6c 22 3d 3d 3d 6e 28 63 2c 22 74 79 70 65 22 29 2c 66 3d 30 3c 45 62 28 64 2c 22 40 22 29 26 26 21 65 2c 67 3d 46 62 28 64 29 2c 68 3d 50 61 28 67 29 3b 69 66 28 66 7c 7c 21 66 26 26 28 65 7c 7c 68 29 29 7b 69 66 28 66 29 7b 69 66 28 64 3d 4c 67 28 64 29 2c 35 3e 50 61 28 64 29 7c 7c 31 30 30 3c 50 61 28 64 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 7b Data Ascii: te=wb(c));b.params((g={},g.__ym=d,g))}function Kg(a,b){var c=n(b,"target");if(c){var d=n(c,"value");if((d=Sa(d))&&!(100<=Pa(d))){var e="tel"===n(c,"type"),f=0<Eb(d,"@")&&!e,g=Fb(d),h=Pa(g);if(f\|\|!f&&(e\|\|h)){if(f){if(d=Lg(d),5>Pa(d)\|\|100<Pa(d))return}else{
2024-04-17 07:00:12 UTC	8168	IN	Data Raw: 74 68 2e 61 62 73 28 61 2e 79 2d 55 65 2e 79 29 29 29 72 65 74 75 72 6e 20 67 68 3d 63 2c 55 65 3d 61 2c 62 3d 4c 61 28 62 29 2c 63 3d 5b 5d 2c 4d 61 28 63 2c 33 29 2c 48 28 63 2c 62 29 2c 48 28 63 2c 61 2e 78 29 2c 48 28 63 2c 61 2e 79 29 2c 63 7d 66 75 6e 63 74 69 6f 6e 20 74 6d 28 61 29 7b 76 61 72 20 62 3d 61 2e 6c 2c 63 3d 61 2e 57 2c 64 3d 59 28 62 29 28 5a 29 2c 65 3d 64 2d 68 68 3b 69 66 28 21 28 31 30 3e 65 29 29 7b 62 3d 4e 64 28 62 2c 63 29 3b 63 3d 56 65 2e 78 2d 62 2e 78 3b 76 61 72 20 66 3d 56 65 2e 79 2d 62 2e 79 3b 63 3d 63 2a 63 2b 66 2a 66 3b 69 66 28 21 28 30 3e 3d 63 7c 7c 31 36 3e 63 26 26 31 30 30 3e 65 7c 7c 32 30 3e 65 26 26 32 35 36 3e 63 29 29 72 65 74 75 72 6e 20 68 68 3d 64 2c 56 65 3d 62 2c 56 63 28 61 29 7d 7d 66 75 6e 63 74 Data Ascii: th.abs(a.y-Ue.y)))return gh=c,Ue=a,b=La(b),c=[],Ma(c,3),H(c,b),H(c,a.x),H(c,a.y),c}function tm(a){var b=a.l,c=a.W,d=Y(b)(Z),e=d-hh;if(!(10>e)){b=Nd(b,c);c=Ve.x-b.x;var f=Ve.y-b.y;c=cc+ff;if(!(0>=c\|\|16>c&&100>e\|\|20>e&&256>c))return hh=d,Ve=b,Vc(a)}}funct
2024-04-17 07:00:12 UTC	8168	IN	Data Raw: 3c 3c 32 29 2c 65 2e 70 75 73 68 28 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 5b 63 3e 3e 31 32 26 36 33 5d 2c 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 5b 63 3e 3e 36 26 36 33 5d 2c 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 5b 63 26 36 33 5d 2c 22 3d 22 29 7d 65 3d 4a 28 22 22 2c 65 29 Data Ascii: <<2),e.push("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="[c>>12&63],"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="[c>>6&63],"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="[c&63],"=")}e=J("",e)
2024-04-17 07:00:12 UTC	8168	IN	Data Raw: 5f 79 6d 3d 28 66 3d 7b 7d 2c 66 2e 69 74 65 3d 77 62 28 63 29 2c 66 29 2c 65 29 3b 5a 64 28 61 2c 62 2c 22 62 74 6e 22 2c 68 29 2e 72 65 61 63 68 47 6f 61 6c 28 67 2c 63 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4b 6e 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 3d 6e 28 64 2c 22 74 61 72 67 65 74 22 29 3b 65 26 26 28 64 3d 6e 28 64 2c 22 69 73 54 72 75 73 74 65 64 22 29 2c 28 65 3d 57 62 28 22 62 75 74 74 6f 6e 2c 69 6e 70 75 74 22 2c 61 2c 65 29 29 26 26 22 73 75 62 6d 69 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 65 3d 47 68 28 61 2c 65 29 29 29 26 26 28 63 2e 70 75 73 68 28 65 29 2c 65 61 28 61 2c 41 28 5b 21 31 2c 61 2c 62 2c 63 2c 65 2c 64 5d 2c 24 68 29 2c 33 30 30 29 29 7d 66 75 6e 63 74 69 6f 6e 20 24 68 28 61 2c 62 2c 63 2c 64 2c 65 2c 66 29 7b 76 61 Data Ascii: _ym=(f={},f.ite=wb(c),f),e);Zd(a,b,"btn",h).reachGoal(g,c)}}function Kn(a,b,c,d){var e=n(d,"target");e&&(d=n(d,"isTrusted"),(e=Wb("button,input",a,e))&&"submit"===e.type&&(e=Gh(a,e)))&&(c.push(e),ea(a,A([!1,a,b,c,e,d],$h),300))}function $h(a,b,c,d,e,f){va
2024-04-17 07:00:12 UTC	8168	IN	Data Raw: 5d 3f 22 37 22 2b 64 2e 73 6c 69 63 65 28 31 29 3a 22 2b 22 3d 3d 3d 63 5b 30 5d 7c 7c 55 62 28 61 2c 2b 63 5b 30 5d 29 3f 64 3a 22 37 22 2b 64 7d 66 75 6e 63 74 69 6f 6e 20 6d 69 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 49 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 3d 28 6e 65 77 20 61 2e 54 65 78 74 45 6e 63 6f 64 65 72 29 2e 65 6e 63 6f 64 65 28 62 29 3b 61 2e 63 72 79 70 74 6f 2e 73 75 62 74 6c 65 2e 64 69 67 65 73 74 28 22 53 48 41 2d 32 35 36 22 2c 65 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 66 29 7b 66 3d 6e 65 77 20 61 2e 42 6c 6f 62 28 5b 66 5d 2c 7b 74 79 70 65 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 62 69 6e 61 72 79 22 7d 29 3b 76 61 72 20 67 3d 6e 65 77 20 61 2e 46 69 6c 65 52 65 61 64 65 Data Ascii: ]?"7"+d.slice(1):"+"===c[0]\|\|Ub(a,+c[0])?d:"7"+d}function mi(a,b){return new I(function(c,d){var e=(new a.TextEncoder).encode(b);a.crypto.subtle.digest("SHA-256",e).then(function(f){f=new a.Blob([f],{type:"application/octet-binary"});var g=new a.FileReade
2024-04-17 07:00:12 UTC	8168	IN	Data Raw: 3a 6e 75 6c 6c 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 62 63 28 61 2c 62 29 7b 76 61 72 20 63 3d 51 62 28 61 29 3b 69 66 28 63 29 7b 76 61 72 20 64 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 65 3d 63 28 22 73 63 72 69 70 74 22 29 3b 65 2e 73 72 63 3d 62 2e 73 72 63 3b 65 2e 74 79 70 65 3d 62 2e 74 79 70 65 7c 7c 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3b 65 2e 63 68 61 72 73 65 74 3d 62 2e 63 68 61 72 73 65 74 7c 7c 22 75 74 66 2d 38 22 3b 65 2e 61 73 79 6e 63 3d 62 2e 61 73 79 6e 63 7c 7c 21 30 3b 74 72 79 7b 76 61 72 20 66 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 68 65 61 64 22 29 5b 30 5d 3b 69 66 28 21 66 29 7b 76 61 72 20 67 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 Data Ascii: :null}return null}function bc(a,b){var c=Qb(a);if(c){var d=a.document,e=c("script");e.src=b.src;e.type=b.type\|\|"text/javascript";e.charset=b.charset\|\|"utf-8";e.async=b.async\|\|!0;try{var f=d.getElementsByTagName("head")[0];if(!f){var g=d.getElementsByTagNa
2024-04-17 07:00:12 UTC	8168	IN	Data Raw: 63 74 69 6f 6e 20 45 67 28 61 2c 62 2c 63 2c 64 29 7b 76 6f 69 64 20 30 3d 3d 3d 63 26 26 28 63 3d 31 29 3b 76 6f 69 64 20 30 3d 3d 3d 64 26 26 28 64 3d 4f 6f 29 3b 78 66 3d 49 6e 66 69 6e 69 74 79 3d 3d 3d 63 3b 72 65 74 75 72 6e 20 48 61 28 66 75 6e 63 74 69 6f 6e 28 65 2c 66 29 7b 66 75 6e 63 74 69 6f 6e 20 67 28 29 7b 74 72 79 7b 76 61 72 20 6b 3d 62 28 64 28 61 2c 63 29 29 3b 68 3d 68 2e 63 6f 6e 63 61 74 28 6b 29 7d 63 61 74 63 68 28 6c 29 7b 72 65 74 75 72 6e 20 65 28 6c 29 7d 62 28 50 6f 29 3b 69 66 28 62 28 6f 65 29 29 72 65 74 75 72 6e 20 66 28 68 29 2c 55 69 28 61 29 3b 78 66 3f 28 62 28 64 28 61 2c 31 45 34 29 29 2c 66 28 68 29 2c 55 69 28 61 29 29 3a 65 61 28 61 2c 67 2c 31 30 30 29 7d 76 61 72 20 68 3d 5b 5d 3b 51 6f 28 67 29 7d 29 7d 66 75 Data Ascii: ction Eg(a,b,c,d){void 0===c&&(c=1);void 0===d&&(d=Oo);xf=Infinity===c;return Ha(function(e,f){function g(){try{var k=b(d(a,c));h=h.concat(k)}catch(l){return e(l)}b(Po);if(b(oe))return f(h),Ui(a);xf?(b(d(a,1E4)),f(h),Ui(a)):ea(a,g,100)}var h=[];Qo(g)})}fu
2024-04-17 07:00:12 UTC	8168	IN	Data Raw: 2c 30 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 59 61 28 61 29 7b 74 68 72 6f 77 20 61 3b 7d 66 75 6e 63 74 69 6f 6e 20 66 64 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 70 63 28 22 73 65 74 54 69 6d 65 6f 75 74 22 2c 61 29 28 62 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 4a 61 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 70 63 28 22 63 6c 65 61 72 54 69 6d 65 6f 75 74 22 2c 61 29 28 62 29 7d 66 75 6e 63 74 69 6f 6e 20 61 64 28 29 7b 72 65 74 75 72 6e 5b 5d 7d 66 75 6e 63 74 69 6f 6e 20 45 63 28 29 7b 72 65 74 75 72 6e 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 63 28 61 2c 62 29 7b 76 61 72 20 63 3d 6e 28 62 2c 61 29 2c 64 3d 6e 28 62 2c 22 63 6f 6e 73 74 72 75 63 74 6f 72 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 61 29 7c 7c 63 3b 74 72 79 7b 69 66 28 64 26 26 64 2e 61 70 70 Data Ascii: ,0)}}function Ya(a){throw a;}function fd(a,b,c){return pc("setTimeout",a)(b,c)}function Ja(a,b){return pc("clearTimeout",a)(b)}function ad(){return[]}function Ec(){return{}}function pc(a,b){var c=n(b,a),d=n(b,"constructor.prototype."+a)\|\|c;try{if(d&&d.app
2024-04-17 07:00:12 UTC	8168	IN	Data Raw: 4e 6f 64 65 26 26 57 62 28 22 5b 69 74 65 6d 74 79 70 65 5d 22 2c 61 2c 65 2e 70 61 72 65 6e 74 4e 6f 64 65 29 3d 3d 3d 62 7d 2c 63 29 3a 63 7d 66 75 6e 63 74 69 6f 6e 20 58 61 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 28 61 3d 70 64 28 61 2c 62 2c 63 29 29 26 26 61 2e 6c 65 6e 67 74 68 3f 61 5b 30 5d 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 52 61 28 61 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 22 22 3b 61 3d 4f 28 61 29 3f 61 3a 5b 61 5d 3b 72 65 74 75 72 6e 20 61 2e 6c 65 6e 67 74 68 3f 61 5b 30 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6f 6e 74 65 6e 74 22 29 7c 7c 74 62 28 61 5b 30 5d 29 3a 22 22 7d 66 75 6e 63 74 69 6f 6e 20 75 6a 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 2e 61 74 74 72 69 62 75 74 65 73 26 26 61 2e 67 65 74 41 74 74 72 Data Ascii: Node&&Wb("[itemtype]",a,e.parentNode)===b},c):c}function Xa(a,b,c){return(a=pd(a,b,c))&&a.length?a[0]:null}function Ra(a){if(!a)return"";a=O(a)?a:[a];return a.length?a[0].getAttribute("content")\|\|tb(a[0]):""}function uj(a){return a?a.attributes&&a.getAttr

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:00:22 UTC	320	OUT	GET /sync_cookie_image_check HTTP/1.1 Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: mc.yandex.com Connection: Keep-Alive
2024-04-17 07:00:22 UTC	505	IN	HTTP/1.1 302 Moved temporarily Connection: Close Date: Wed, 17 Apr 2024 07:00:22 GMT Location: https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10342.GydfnN1hdXfzFQMQDc44Q9HEARHRitoT-zHbErZ1LfApOqGOx2dpAKEBlffDSP0X.FDbPLjp3CwmBnIrB84hgd_gqR4I%2C Set-Cookie: sync_cookie_csrf=1371361366fake; Expires=Wed, 17-Apr-2024 07:10:22 GMT; Domain=.mc.yandex.com; Path=/ Strict-Transport-Security: max-age=31536000 Transfer-Encoding: chunked X-XSS-Protection: 1; mode=block
2024-04-17 07:00:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:00:22 UTC	754	OUT	GET /clmap/33423178?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A897563375%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1 Accept: /* Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: mc.yandex.com Connection: Keep-Alive
2024-04-17 07:00:22 UTC	374	IN	HTTP/1.1 200 Ok Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Connection: Close Content-Length: 43 Content-Type: image/gif Date: Wed, 17 Apr 2024 07:00:22 GMT Expires: Wed, 17-Apr-2024 07:00:22 GMT Last-Modified: Wed, 17-Apr-2024 07:00:22 GMT Pragma: no-cache Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block
2024-04-17 07:00:22 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:00:23 UTC	754	OUT	GET /clmap/46420341?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A678962730%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1 Accept: /* Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: mc.yandex.com Connection: Keep-Alive
2024-04-17 07:00:24 UTC	374	IN	HTTP/1.1 200 Ok Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Connection: Close Content-Length: 43 Content-Type: image/gif Date: Wed, 17 Apr 2024 07:00:23 GMT Expires: Wed, 17-Apr-2024 07:00:23 GMT Last-Modified: Wed, 17-Apr-2024 07:00:23 GMT Pragma: no-cache Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block
2024-04-17 07:00:24 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:00:23 UTC	754	OUT	GET /clmap/30541482?page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&pointer-click=rn%3A612501295%3Ax%3A32153%3Ay%3A0%3At%3A0%3Ap%3AA1AA%3AX%3A628%3AY%3A0&browser-info=u%3A1713337221523401810%3Av%3A1310%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Arqnl%3A1%3Ast%3A1713337221&t=gdpr(14)ti(4) HTTP/1.1 Accept: /* Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: mc.yandex.com Connection: Keep-Alive
2024-04-17 07:00:24 UTC	374	IN	HTTP/1.1 200 Ok Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Connection: Close Content-Length: 43 Content-Type: image/gif Date: Wed, 17 Apr 2024 07:00:24 GMT Expires: Wed, 17-Apr-2024 07:00:24 GMT Last-Modified: Wed, 17-Apr-2024 07:00:24 GMT Pragma: no-cache Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block
2024-04-17 07:00:24 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:00:23 UTC	691	OUT	GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10342.GydfnN1hdXfzFQMQDc44Q9HEARHRitoT-zHbErZ1LfApOqGOx2dpAKEBlffDSP0X.FDbPLjp3CwmBnIrB84hgd_gqR4I%2C HTTP/1.1 Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Connection: Keep-Alive Host: mc.yandex.ru Cookie: _yasc=fxsuQIq5406d0rCKBri5nUCfRUKjpwvzvdVERDj2RqS35HL7knbNv0UpISy8axa1; i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; yandexuid=2692244731713337212; yashr=3469293421713337212
2024-04-17 07:00:24 UTC	650	IN	HTTP/1.1 302 Moved temporarily Connection: Close Date: Wed, 17 Apr 2024 07:00:23 GMT Location: https://mc.yandex.com/sync_cookie_image_decide?token=10342.tdBwSBrsNdvzPCrH6BGIj42E8vl3u_E2ne27H2mhs72L_uu8aciMa61tJdTByjYa-tbhOlaiiH39pT7baN8uNFtHdS_OHUdCxokWI3ADXqSYlkJAoI11U2LG9IAAVMfj9hF4GTnDeZ3JeM0yaGM1yQij2zuY2nROj8Azk-nstTQTYGsNVujtqpADUt3taDrdRm6EVyuFO_c4AYpbuahbEDArxuzadVBhxNsww2eyQSA%2C.ol5KyN6CWxJartpTnqUpSoDvL58%2C Set-Cookie: sync_cookie_csrf=1872351521fake; Expires=Wed, 17-Apr-2024 07:10:23 GMT; Domain=.mc.yandex.ru; Path=/ Strict-Transport-Security: max-age=31536000 Transfer-Encoding: chunked X-XSS-Protection: 1; mode=block
2024-04-17 07:00:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:00:24 UTC	315	OUT	GET /metrika/advert.gif HTTP/1.1 Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: mc.yandex.com Connection: Keep-Alive
2024-04-17 07:00:25 UTC	1261	IN	HTTP/1.1 200 OK Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Accept-Ranges: bytes Access-Control-Allow-Origin: * Cache-Control: max-age=3600 Connection: Close Content-Length: 43 Content-Type: image/gif Date: Wed, 17 Apr 2024 07:00:24 GMT ETag: "6617c30c-2b" Expires: Wed, 17 Apr 2024 08:00:24 GMT Last-Modified: Thu, 11 Apr 2024 11:01:32 GMT Set-Cookie: _yasc=sbw9M146rBfRqLHuqFkNgWnV73Fd/fJIJN6Zhj2jpFCRFW7wDsy3/i8fgh894Bpb; domain=.yandex.com; path=/; expires=Sat, 15 Apr 2034 07:00:24 GMT; secure Set-Cookie: i=idwUsnftbZ6wL24XLPcNlNLwlcicvdwzLM99tyhhByV3iGd3OZ5UslSbCkA65cjKzcp4FhUECS+nItXgrbArzna+8QQ=; Expires=Fri, 17-Apr-2026 07:00:24 GMT; Domain=.yandex.com; Path=/; Secure; HttpOnly Set-Cookie: yandexuid=802732261713337224; Expires=Fri, 17-Apr-2026 07:00:24 GMT; Domain=.yandex.com; Path=/; Secure Set-Cookie: yashr=917947241713337224; Path=/; Domain=.yandex.com; Expires=Thu, 17 Apr 2025 07:00:24 GMT; Secure; HttpOnly Strict-Transport-Security: max-age=31536000 Timing-Allow-Origin: *
2024-04-17 07:00:25 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:00:24 UTC	644	OUT	GET /sync_cookie_image_decide?token=10342.tdBwSBrsNdvzPCrH6BGIj42E8vl3u_E2ne27H2mhs72L_uu8aciMa61tJdTByjYa-tbhOlaiiH39pT7baN8uNFtHdS_OHUdCxokWI3ADXqSYlkJAoI11U2LG9IAAVMfj9hF4GTnDeZ3JeM0yaGM1yQij2zuY2nROj8Azk-nstTQTYGsNVujtqpADUt3taDrdRm6EVyuFO_c4AYpbuahbEDArxuzadVBhxNsww2eyQSA%2C.ol5KyN6CWxJartpTnqUpSoDvL58%2C HTTP/1.1 Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Connection: Keep-Alive Host: mc.yandex.com Cookie: sync_cookie_csrf=1371361366fake
2024-04-17 07:00:25 UTC	747	IN	HTTP/1.1 200 Ok Connection: Close Content-Length: 43 Content-Type: image/gif Date: Wed, 17 Apr 2024 07:00:25 GMT Set-Cookie: yandexuid=2692244731713337212; Expires=Sat, 15-Apr-2034 07:00:25 GMT; Domain=.yandex.com; Path=/ Set-Cookie: i=R725CKdtaddnaTcFZuH88PS8dJT2x1orKQxoYiSQDu2Cgaw6u7dU3M2ildpSCsSO0SJJSz0B0gaPgRLrDpszJnFYq0o=; Expires=Sat, 15-Apr-2034 07:00:25 GMT; Domain=.yandex.com; Path=/ Set-Cookie: sync_cookie_ok=synced; Expires=Thu, 18-Apr-2024 07:00:25 GMT; Domain=.mc.yandex.com; Path=/ Set-Cookie: _yasc=2A8adUxVkNL675YcVVj2dify9rkgZ9KqDer4LkGTokl29iuEkOOPraCsWUReAy/t; domain=.yandex.com; path=/; expires=Sat, 15 Apr 2034 07:00:25 GMT; secure Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block
2024-04-17 07:00:25 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2024-04-17 07:00:25 UTC	1114	OUT	GET /watch/30541482?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr(14)mc(p-1-ui-1)clc(0-0-0)eco(3703048)aw(1)rcm(0)cdl(na)ti(2) HTTP/1.1 Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: mc.yandex.com Connection: Keep-Alive Cookie: sync_cookie_csrf=1371361366fake
2024-04-17 07:00:26 UTC	2140	IN	HTTP/1.1 302 Moved temporarily Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Connection: Close Date: Wed, 17 Apr 2024 07:00:25 GMT Expires: Wed, 17-Apr-2024 07:00:25 GMT Last-Modified: Wed, 17-Apr-2024 07:00:25 GMT Location: /watch/30541482/1?wmode=7&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2Fuser%2FAppData%2FLocal%2FTemp%2FDriverPack-2024041790000%2FDriverPackSolution.html%23C%253A%255CUsers%255Cuser%255CAppData%255CLocal%255CTemp%255CDriverPack-2024041790000%255Crun.hta%2520&nohit=1&charset=utf-8&ut=noindex&uah=che%0A0&browser-info=pv%3A1%3Avf%3A666f337a5rpc9tpuxktcnb7h7%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-CH%3Av%3A1310%3Acn%3A2%3Adp%3A0%3Als%3A216293643373%3Ahid%3A878105662%3Az%3A120%3Ai%3A20240417090021%3Aet%3A1713337221%3Ac%3A1%3Arn%3A57545193%3Au%3A1713337221523401810%3Aw%3A1280x984%3As%3A1280x1024x24%3Ask%3A1%3Aj%3A1%3Aco%3A0%3Ans%3A1713337205210%3Arqnl%3A1%3Ast%3A1713337223%3At%3ADriverPack%20Solution%2017.10.7%20Online&t=gdpr%2814%29mc%28p-1-ui-1%29clc%280-0-0%29eco%283703048%29aw%281%29rcm%280%29cdl%28na%29ti%282%29&redirnss=1 Pragma: no-cache Set-Cookie: yabs-sid=2595979941713337225; Path=/ Set-Cookie: i=/SZrgNStdKMhZ8vyo2shk0RJcsq6ZXOxCbkj+zxmRO4aLAVN+JWX77m5VM/qN11pKg+5ZBPiPvYTHAFII2UziHGmqGg=; Expires=Sat, 15-Apr-2034 07:00:13 GMT; Domain=.yandex.com; Path=/; HttpOnly Set-Cookie: yandexuid=4952632461713337225; Expires=Sat, 15-Apr-2034 07:00:13 GMT; Domain=.yandex.com; Path=/ Set-Cookie: ymex=1744873225.yrts.1713337225#1744873225.yrtsi.1713337225; Expires=Thu, 17-Apr-2025 07:00:25 GMT; Domain=.yandex.com; Path=/ Set-Cookie: _yasc=cpYmX1FPsBUHq9d3hlVYXn/wraKrZtFFVl3azNMvJUrLV2ySxxEm5oK9f9VJ6Dvh; domain=.yandex.com; path=/; expires=Sat, 15 Apr 2034 07:00:25 GMT; secure Strict-Transport-Security: max-age=31536000 Transfer-Encoding: chunked X-XSS-Protection: 1; mode=block
2024-04-17 07:00:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0