Analysis Report main.jpg

Overview

General Information

Sample Name: main.jpg (renamed file extension from jpg to dll)
Analysis ID: 269501
MD5: 4c6baad36c53dd23cadc70afc17039fe
SHA1: 4f93d77f0a775199a20fe78b8bdc5eb96db2515f
SHA256: 5dd46ffb36515bb87100f21b3da62c74a3734782af7dc32f83d51b73d5cdcc51

Detection

IcedID
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected IcedID
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Tries to detect virtualization through RDTSC time measurements
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
Registers a DLL
Sample file is different than original file name gathered from version info
Tries to load missing DLLs

Startup

  • System is w10x64
  • loaddll32.exe (PID: 5612 cmdline: loaddll32.exe 'C:\Users\user\Desktop\main.dll' MD5: 6A3082E6152C823BF9EB895EA06EA605)
    • regsvr32.exe (PID: 5736 cmdline: regsvr32.exe /s C:\Users\user\Desktop\main.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • cmd.exe (PID: 4900 cmdline: C:\Windows\system32\cmd.exe /c 'C:\Program Files\Internet Explorer\iexplore.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • iexplore.exe (PID: 4808 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
        • iexplore.exe (PID: 4604 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4808 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000002.426536518.0000000002883000.00000004.00000001.sdmp | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security |
00000001.00000002.426566773.00000000028AE000.00000004.00000001.sdmp | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security |
00000001.00000003.413011301.0000000002883000.00000004.00000001.sdmp | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security |
00000001.00000003.413208505.00000000028A1000.00000004.00000001.sdmp | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security |
Process Memory Space: regsvr32.exe PID: 5736 | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Yara detected IcedID
Source: Yara match, File source: 00000001.00000002.426536518.0000000002883000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.426566773.00000000028AE000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000003.413011301.0000000002883000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000003.413208505.00000000028A1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 5736, type: MEMORY
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 1_2_6D9A8190 FindFirstFileExW,std::_Timevec::_Timevec,FindNextFileW,1_2_6D9A8190

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2925 INFO web bug 0x0 gif attempt 23.10.249.32:80 -> 192.168.2.7:49698
Source: unknown, DNS traffic detected: queries for: www.msn.com
            Source: msapplication.xml5.3.drString found in binary or memory: http://www.twitter.com/
            Source: msapplication.xml6.3.drString found in binary or memory: http://www.wikipedia.com/
            Source: msapplication.xml7.3.drString found in binary or memory: http://www.youtube.com/
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://about.twitter.com
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://about.twitter.com/en_us/advocacy.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://about.twitter.com/en_us/company.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://about.twitter.com/en_us/company/brand-resources.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://about.twitter.com/en_us/safety.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://abs.twimg.com/favicons/favicon.ico
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://ads.twitter.com?ref=en-btc-gobal-footer
            Source: de-ch[1].htm.4.drString found in binary or memory: https://amzn.to/2TTxhNg
            Source: auction[1].htm.4.drString found in binary or memory: https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&amp;ap
            Source: regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.390714572.0000000002883000.00000004.00000001.sdmpString found in binary or memory: https://api.twitter.com
            Source: de-ch[1].htm.4.drString found in binary or memory: https://autovermietung.msn.com/de-ch/autovermietung
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://blog.twitter.com/developer
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://blog.twitter.com/en_us/tags.blog--marketing.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://blog.twitter.com/en_us/topics/company/2020/allyship-right-now-black-lives-matter.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://blog.twitter.com/en_us/topics/company/2020/covid-19.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://blog.twitter.com/engineering
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://blog.twitter.com/official/en_us.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://blog.twitter.com/small-business
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://business.twitter.com
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://business.twitter.com/en/advertising.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://business.twitter.com/en/analytics.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://business.twitter.com/en/help.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://business.twitter.com/en/targeting.html
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://careers.twitter.com/en.html
            Source: regsvr32.exe, 00000001.00000003.390714572.0000000002883000.00000004.00000001.sdmpString found in binary or memory: https://cdn.cms-twdigitalassets.com
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://cdn.cms-twdigitalassets.com/etc/designs/common-twitter/clientlib-u12-data-protection-notice.
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://cdn.cms-twdigitalassets.com/etc/designs/help-twitter/public/css/main.css.cdnversion.15927021
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://cdn.cms-twdigitalassets.com/etc/designs/help-twitter/public/css/print.css.cdnversion.1592702
            Source: de-ch[1].json.4.drString found in binary or memory: https://cdn.cookielaw.org/logos/static/ot_logo.svg
            Source: de-ch[1].json.4.drString found in binary or memory: https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg
            Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.4.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
            Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.4.drString found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
            Source: regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.390714572.0000000002883000.00000004.00000001.sdmpString found in binary or memory: https://cdn.goglobalwithtwitter.com
            Source: regsvr32.exe, 00000001.00000003.390714572.0000000002883000.00000004.00000001.sdmpString found in binary or memory: https://cdn.goglobalwithtwitter.com;
            Source: regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.390714572.0000000002883000.00000004.00000001.sdmpString found in binary or memory: https://cdn.syndication.twimg.com;
            Source: 85-0f8009-68ddb2ab[1].js.4.drString found in binary or memory: https://client-s.gateway.messenger.live.com
            Source: de-ch[1].htm.4.drString found in binary or memory: https://clk.tradedoubler.com/click?p=220135&amp;a=3064090&amp;url(https://www.lehner-versand.ch/?utm
            Source: de-ch[1].htm.4.drString found in binary or memory: https://clk.tradedoubler.com/click?p=245744&amp;a=3064090url(https://store.hp.com/SwitzerlandStore/M
            Source: de-ch[1].htm.4.drString found in binary or memory: https://clk.tradedoubler.com/click?p=295926&amp;a=3064090
            Source: de-ch[1].htm.4.drString found in binary or memory: https://clkde.tradedoubler.com/click?p=220135&amp;a=3064090&amp;g=24798744
            Source: {BD88C8D6-E12F-11EA-90E0-ECF4BB82F7E0}.dat.3.drString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
            Source: de-ch[1].htm.4.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172
            Source: de-ch[1].htm.4.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=722878611&amp;size=306x271&amp;http
            Source: de-ch[1].htm.4.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&amp;crid=858412214&amp;size=306x271&amp;http
            Source: {BD88C8D6-E12F-11EA-90E0-ECF4BB82F7E0}.dat.3.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
            Source: {BD88C8D6-E12F-11EA-90E0-ECF4BB82F7E0}.dat.3.drString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
            Source: regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmpString found in binary or memory: https://corpredirect.intel.com/Redirector/404Redirector.aspx?https://www.intel.ch/content/www/ch/de/
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://dev.twitter.com/
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://dev.twitter.com/community
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://dev.twitter.com/overview/documentation
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://discussions.apple.com
            Source: regsvr32.exe, 00000001.00000003.390702163.000000000286F000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.353950893.0000000002878000.00000004.00000001.sdmpString found in binary or memory: https://eeho.fa.us2.oraclecloud.com
            Source: regsvr32.exe, 00000001.00000003.353950893.0000000002878000.00000004.00000001.sdmpString found in binary or memory: https://eeho.fa.us2.oraclecloud.comX-Frame-OptionssameoriginX-Akam-SW-Version0.5.0Server-Timingedge;
            Source: regsvr32.exe, 00000001.00000003.353950893.0000000002878000.00000004.00000001.sdmpString found in binary or memory: https://explore.oracle.com
            Source: de-ch[1].htm.4.drString found in binary or memory: https://fluege.msn.com/de-ch/flugsuche
            Source: 55a804ab-e5c6-4b97-9319-86263d365d28[1].json.4.drString found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://getsupport.apple.com/?caller=home&PRKEYS=
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://getsupport.apple.com/?caller=home&amp;PRKEYS=
            Source: regsvr32.exe, 00000001.00000003.412830942.000000000282F000.00000004.00000001.sdmpString found in binary or memory: https://hedl.windowsupdate.com/
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.390631301.00000000028B5000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.391197859.000000000282F000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.390658459.000000000282F000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/
            Source: regsvr32.exe, 00000001.00000003.391197859.000000000282F000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/=eU
            Source: regsvr32.exe, 00000001.00000003.391197859.000000000282F000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/Me
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/ar
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/bg
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/bn
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/ca
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/contact-us
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/content/dam/help-twitter/brand/logo.
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/content/dam/help-twitter/brand/logo.png
            Source: regsvr32.exe, 00000001.00000003.390639930.0000000002815000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/content/dam/help-twitter/brand/logo.r.com/en
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/content/dam/help-twitter/logos/card_wide_blue.png
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/cs
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/da
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/de
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.390621283.00000000028BE000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/el
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.391268650.00000000028B3000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.390714572.0000000002883000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.390658459.000000000282F000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/a-safer-twitter
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/contact-us
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/glossary
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/managing-your-account
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/managing-your-account#account-settings
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/managing-your-account#deactivate-and-reactivate-accounts
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/managing-your-account#login-and-password
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/managing-your-account#notifications
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/managing-your-account#suspended-accounts
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/managing-your-account#username-email-and-phone
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/managing-your-account#verified-accounts
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/managing-your-account/forgotten-or-lost-password-reset
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/managing-your-account/how-to-add-a-phone-number-to-your-account
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/managing-your-account/notifications-on-mobile-devices
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/new-user-faq
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/rules
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/rules-and-policies
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/rules-and-policies#general-policies
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/rules-and-policies#law-enforcement-guildelines
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/rules-and-policies#research-and-experiments
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/rules-and-policies#twitter-rules
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/rules-and-policies/twitter-cookies
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/rules-and-policies/twitter-rules
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/safety-and-security
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/safety-and-security#abuse
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/safety-and-security#ads-and-data-privacy
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/safety-and-security#hacked-account
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/safety-and-security#sensitive-content
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/safety-and-security#spam-and-fake-accounts
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/safety-and-security/account-security-tips
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/safety-and-security/control-your-twitter-experience
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/safety-and-security/how-to-make-twitter-private-and-public
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/twitter-guide
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter#adding-content-to-your-tweet
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter#blocking-and-muting
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter#direct-messages
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter#following-people-and-groups
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter#search-and-trends
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter#tweets
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter#twitter-on-your-device
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter#using-periscope
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter#website-and-app-integrations
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter/advanced-twitter-mute-options
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter/direct-messages
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter/mentions-and-replies
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter/tweeting-gifs-and-pictures
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/en/using-twitter/twitter-videos
            Source: regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.390714572.0000000002883000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/enLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedExpiresConten
            Source: regsvr32.exe, 00000001.00000003.390658459.000000000282F000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/enee
            Source: regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/enom4
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/es
            Source: regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/etc/clientlibs/dtm/help-twitter/ac0b17d7a4556cd264c3df3fac5054e8fd5023f8/sa
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/fa
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/fi
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/fil
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/fr
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/gu
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/he
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/hi
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/hr
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/hu
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/id
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/it
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/ja
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/kn
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/ko
            Source: regsvr32.exe, 00000001.00000003.391197859.000000000282F000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/m
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/managing-your-account
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://help.twitter.com/mr
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/iphone/
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/legal/internet-services/terms/site.html
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/legal/privacy/en-ww/
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/legal/sla/
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/legal/warranty/
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/mac/
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/music/
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/retail/
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/search-services/suggestions/
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/search-services/suggestions/defaultlinks/
            Source: regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/shop/goto/help/sales_refunds
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/shop/trade-in
            Source: regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/sitemap/
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/tv/
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/us/search
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/us/shop/goto/bag
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/watch/
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.apple.com/wss/fonts/?families=SF
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.awin1.com/cread.php?awinmid=11518&amp;awinaffid=696593&amp;clickref=dech-edge-dhp-infopa
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.awin1.com/cread.php?awinmid=15168&amp;awinaffid=696593&amp;clickref=de-ch-edge-dhp-river
            Source: regsvr32.exe, 00000001.00000003.390702163.000000000286F000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
            Source: regsvr32.exe, 00000001.00000003.390714572.0000000002883000.00000004.00000001.sdmpString found in binary or memory: https://www.google-analytics.com
            Source: regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmp, regsvr32.exe, 00000001.00000002.426420217.00000000027EA000.00000004.00000020.sdmpString found in binary or memory: https://www.intel.ch/
            Source: regsvr32.exe, 00000001.00000003.391239422.0000000002883000.00000004.00000001.sdmpString found in binary or memory: https://www.intel.ch/content/www/ch/de/homepage.html
            Source: regsvr32.exe, 00000001.00000003.391197859.000000000282F000.00000004.00000001.sdmpString found in binary or memory: https://www.intel.com/
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.jumbo.ch/de/saisonal/fruehling?utm_source=microspot_msn_shopping&amp;utm_medium=display&
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/coronareisen
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/nachrichten/regional
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/news/other/angst-vor-dem-peak-z%c3%bcrich-setzt-das-coronavirus-der-langen
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/news/other/die-brutalit%c3%a4t-der-polizei-hat-dabei-ein-niveau-erreicht-d
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/news/other/eine-verlorene-generation-wegen-corona-das-ist-k%c3%a4se-man-we
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/news/other/festnahme-nach-spektakul%c3%a4rem-bank%c3%bcberfall/ar-BB17XBHP
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/news/other/filippo-leutenegger-meint-zur-maskenpflicht-an-schulen-wenn-ein
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/news/other/videos-mit-strafbaren-handlungen-auf-dem-instagram-profil-szene
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/news/other/w%c3%a4hrend-des-lockdowns-stellten-die-z%c3%bcrcherinnen-und-z
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/news/other/wie-erhard-b%c3%bcchi-ein-jahrzehnt-lang-daf%c3%bcr-k%c3%a4mpft
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/news/other/zollikerberg-zwei-jugendliche-tot-in-wohnung-aufgefunden/ar-BB1
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/news/other/zwei-jugendliche-tot-in-der-wohnung-eines-rappers-aufgefunden/a
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.msn.com/de-ch/sport/nhl
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.office.com/?omkt=de-ch%26WT.mc_id=MSN_site
            Source: 85-0f8009-68ddb2ab[1].js.4.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
            Source: 85-0f8009-68ddb2ab[1].js.4.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&amp;auth=1&amp;wdorigin=msn
            Source: regsvr32.exe, 00000001.00000003.390702163.000000000286F000.00000004.00000001.sdmpString found in binary or memory: https://www.oracle.com
            Source: regsvr32.exe, 00000001.00000003.353950893.0000000002878000.00000004.00000001.sdmpString found in binary or memory: https://www.oracle.com/
            Source: regsvr32.exe, 00000001.00000003.353984150.000000000284C000.00000004.00000001.sdmpString found in binary or memory: https://www.oracle.com/splash/support/generic/error-page1-416750.html
            Source: regsvr32.exe, 00000001.00000003.353942035.000000000286F000.00000004.00000001.sdmpString found in binary or memory: https://www.oracle.com/splash/support/generic/error-page1-416750.htmlLocationETagAuthentication-Info
            Source: regsvr32.exe, 00000001.00000003.353962668.0000000002815000.00000004.00000001.sdmpString found in binary or memory: https://www.oracle.com/support/contact.html?ssSourceSiteId=splash
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.ricardo.ch/?utm_source=msn&amp;utm_medium=affiliate&amp;utm_campaign=msn_mestripe_logo_d
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.ricardo.ch/?utm_source=msn&amp;utm_medium=affiliate&amp;utm_campaign=msn_shop_de&amp;utm
            Source: de-ch[1].htm.4.drString found in binary or memory: https://www.skype.com/
            Source: 85-0f8009-68ddb2ab[1].js.4.drString found in binary or memory: https://www.skype.com/de
            Source: 85-0f8009-68ddb2ab[1].js.4.drString found in binary or memory: https://www.skype.com/de/download-skype
            Source: 85-0f8009-68ddb2ab[1].js.4.drString found in binary or memory: https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
            Source: iab2Data[1].json.4.drString found in binary or memory: https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
            Source: 85-0f8009-68ddb2ab[1].js.4.drString found in binary or memory: https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
            Source: regsvr32.exe, 00000001.00000003.390583262.0000000004611000.00000004.00000001.sdmpString found in binary or memory: https://www.twitterflightschool.com/sl/382652bc
            Source: regsvr32.exe, 00000001.00000003.391160691.00000000028BE000.00000004.00000001.sdmpString found in binary or memory: https://www.wikidata.org/wiki/Q65129345
            Source: regsvr32.exe, 00000001.00000003.365803966.0000000002897000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/applesupport

            E-Banking Fraud:

            Yara detected IcedID
            Source: Yara match. File source: 00000001.00000002.426536518.0000000002883000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match. File source: 00000001.00000002.426566773.00000000028AE000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match